Misinterpretation with hashes in Perl, populated from log file
Below please find the output on screen and the source code of the problem.
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 1.
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 2.
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 3.
Use of uninitialized value $port in hash element at ./test3.prg line 26, <LOG> line 4.
AttemptsOnIP
181.3.202.142,1
183.3.202.172,18
Port,Status,AttemptOnPort,AttemptsOnIP,Malicious
15853,failed,4,1,
15853,succeeded,4,1,
18693,failed,1,1,
18942,failed,1,1,
18942,succeeded,1,1,
31130,succeeded,1,1,
43041,failed,1,1,
43041,succeeded,1,1,
44444,failed,1,1,
46321,failed,1,1,
46321,succeeded,1,1,
47417,failed,3,1,
47417,succeeded,3,1,
48713,failed,1,1,
48713,succeeded,1,1,
53653,failed,1,1,
53653,succeeded,1,1,
60563,failed,1,1,
60563,succeeded,1,1,
15853,failed,4,18,
15853,succeeded,4,18,
18693,failed,1,18,
18942,failed,1,18,
18942,succeeded,1,18,
31130,succeeded,1,18,
43041,failed,1,18,
43041,succeeded,1,18,
44444,failed,1,18,
46321,failed,1,18,
46321,succeeded,1,18,
47417,failed,3,18,
47417,succeeded,3,18,
48713,failed,1,18,
48713,succeeded,1,18,
53653,failed,1,18,
53653,succeeded,1,18,
60563,failed,1,18,
60563,succeeded,1,18,
This is the code
#!/usr/bin/perl
use warnings;
use strict;
my $file = "/home/tsec/prototype/logs/extractedlogs/cowrieresult.log";
open (LOG, $file);
# Assemble results for required output in data structure:
# %rept = { $port => { $usr => { $status => $freq } };
my %by_ip; #new code
my %rept;
my ($ip, $port);
while (my $line = <LOG>)
{
    if ($line =~ /New connection/) {
        ($ip, $port) = $line =~ /New connection:\s+([^:]+):(\d+)/;
        $by_ip{$ip}++;
        next;
    }
    my ($usr, $status) = $line =~ m/login\ attempt \s+ \[ ([^\]]+) \] \s+ (\w+)/x;
    if ($usr and $status) {
        $rept{$port}{$usr}{$status}++;
        #$by_ip{$ip}{$usr}{$status}++; # first 4 lines in log dont have ip and port
        # since they are login attempt not new connection.
    }
    else { warn "Line with an unexpected format:\n$line" }
}
#close(LOG);
#open (LOG, $file);
#my $frequency = 0;
#while (my $line = <LOG>){
# if($line =~ /login attempt/){
#split string, get the ip and match it with original $ip
# my ($testip) = (split /[\s,:\[\]\/]+/, $line)[-6];
#print "$testip\n";
#this two lines above print ips from login attempt line.
# if($testip =~ /$ip/){
# $frequency++;
# }
#elsif($testip =~ /^(?!$ip)/) {
# stop frequency counter and start another one?
# print "$frequency\n";
# $frequency = 0;
#}
# }
#}
#print "$frequency\n";
#close(LOG);
#new code
print "AttemptsOnIP\n";
#foreach my $ip (sort keys %by_ip){
# foreach my $usr (sort keys %{$by_ip{$ip}}){
# foreach my $status (sort keys %{$rept{$usr}}){
# print "$ip,$by_ip{$ip}{$usr}{$status}\n";
# }
# }
#}
#new code
foreach my $ip (sort keys %by_ip){
    print "$ip,$by_ip{$ip}\n";
}
print "\n";
#new code
print "Port,Status,AttemptOnPort,AttemptsOnIP,Malicious\n";
foreach my $ip (sort keys %by_ip){
    foreach my $port (sort keys %rept) {
        foreach my $usr (sort keys %{$rept{$port}}) {
            foreach my $stat (sort keys %{$rept{$port}{$usr}}) {
                if($port ne ""){
                    print "$port,$stat,$rept{$port}{$usr}{$stat},$by_ip{$ip},\n";
                }
            }
        }
    }
}
#new code
And this is the log file I have
2016-05-02 10:20:56+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:20:57+0000 [SSHService ssh-userauth on HoneyPotTransport,14,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:20:58+0000 [SSHService ssh-userauth on HoneyPotTransport,15,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:43:32+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:55157 (172.17.0.5:2222) [session: 43283650]
2016-05-02 10:43:46+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:10319 (172.17.0.5:2222) [session: c7702f86]
2016-05-02 10:43:53+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:46321 (172.17.0.5:2222) [session: fe7bb804]
2016-05-02 10:43:57+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:43:58+0000 [SSHService ssh-userauth on HoneyPotTransport,17,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:43:59+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18693 (172.17.0.5:2222) [session: d74eae96]
2016-05-02 10:44:02+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:44:03+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:31130 (172.17.0.5:2222) [session: 3bde7820]
2016-05-02 10:44:03+0000 [SSHService ssh-userauth on HoneyPotTransport,18,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:44:05+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:47417 (172.17.0.5:2222) [session: 3e177c02]
2016-05-02 10:44:06+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:44:09+0000 [SSHService ssh-userauth on HoneyPotTransport,19,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:44:10+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:44:11+0000 [SSHService ssh-userauth on HoneyPotTransport,21,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 10:44:13+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 10:44:14+0000 [SSHService ssh-userauth on HoneyPotTransport,20,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:06:55+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:13849 (172.17.0.5:2222) [session: b20915b6]
2016-05-02 11:07:06+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:61338 (172.17.0.5:2222) [session: cd38fe51]
2016-05-02 11:07:14+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:23048 (172.17.0.5:2222) [session: 01b12825]
2016-05-02 11:07:21+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:60563 (172.17.0.5:2222) [session: ad64232b]
2016-05-02 11:07:26+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:07:27+0000 [SSHService ssh-userauth on HoneyPotTransport,23,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:07:33+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53653 (172.17.0.5:2222) [session: 9c48415b]
2016-05-02 11:07:41+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:07:47+0000 [SSHService ssh-userauth on HoneyPotTransport,26,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:12:25+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:18942 (172.17.0.5:2222) [session: a4dc4901]
2016-05-02 11:12:34+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:12:36+0000 [SSHService ssh-userauth on HoneyPotTransport,27,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:32:40+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:40091 (172.17.0.5:2222) [session: aeb36234]
2016-05-02 11:32:43+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:53505 (172.17.0.5:2222) [session: 9022c831]
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15131 (172.17.0.5:2222) [session: cf62fb9a]
2016-05-02 11:32:48+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:15853 (172.17.0.5:2222) [session: f2f6c254]
2016-05-02 11:32:50+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:32:52+0000 [SSHService ssh-userauth on HoneyPotTransport,28,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:32:55+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:32:56+0000 [SSHService ssh-userauth on HoneyPotTransport,30,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:32:57+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:32:59+0000 [SSHService ssh-userauth on HoneyPotTransport,31,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:33:04+0000 [SSHService ssh-userauth on HoneyPotTransport,29,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:33:07+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:48713 (172.17.0.5:2222) [session: e1544c90]
2016-05-02 11:33:15+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:33:18+0000 [SSHService ssh-userauth on HoneyPotTransport,32,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 183.3.202.172:43041 (172.17.0.5:2222) [session: 383f328c]
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/[email protected]] failed
2016-05-02 11:33:26+0000 [SSHService ssh-userauth on HoneyPotTransport,33,183.3.202.172] login attempt [root/123456] succeeded
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 181.3.202.142:44444 (172.17.0.5:2222) [session: 383f328c]
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,181.3.202.142] login attempt [root/xyz] failed
So basically I want the ports that are associated with IP X to have the total number of occurrences that the IP has in the log file.
So for example, I would like this output without repeating entries, unlike what is shown in the Pastebin:
15853,failed,4,18,
15853,succeeded,4,18,
18693,failed,1,18,
18942,failed,1,18,
18942,succeeded,1,18,
31130,succeeded,1,18,
43041,failed,1,18,
43041,succeeded,1,18,
44444,failed,1,1, -> Since it is seen only once in logfile
46321,failed,1,18,
46321,succeeded,1,18,
47417,failed,3,18,
47417,succeeded,3,18,
48713,failed,1,18,
48713,succeeded,1,18,
53653,failed,1,18,
53653,succeeded,1,18,
60563,failed,1,18,
60563,succeeded,1,18,
UPDATE: Migrated everything from Pastebin into the post. I would also like to get rid of the uninitialized value for port.
Isn't this a [duplicate](http://stackoverflow.com/questions/36992311/print-records-from-log-file-using-perl-and-hash-data-structure)? –
@MattJacob yes, but this one is more up to date and maybe better explained – firepro20
@ikegami just did – firepro20
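Added example, not part of the original question or its comments: one way to get the non-repeating per-port report with no uninitialized `$port`, by keying the counts on IP and port and remembering the latest port per IP instead of in one global variable. The log lines are a constructed sample in the same cowrie format (documentation-range IPs, made-up credentials); attributing a login attempt to the most recent connection from the same IP is an assumption, since the login line itself carries no port, and counts are aggregated per status rather than per credential.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample in the cowrie line format shown above
# (documentation-range IPs, made-up credentials).
my @log = split /\n/, <<'END';
2016-05-02 10:20:56+0000 [SSHService ssh-userauth on HoneyPotTransport,14,192.0.2.10] login attempt [root/a] failed
2016-05-02 10:43:32+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 192.0.2.10:55157 (172.17.0.5:2222) [session: 00000001]
2016-05-02 10:43:53+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 192.0.2.10:46321 (172.17.0.5:2222) [session: 00000002]
2016-05-02 10:43:57+0000 [SSHService ssh-userauth on HoneyPotTransport,17,192.0.2.10] login attempt [root/a] failed
2016-05-02 10:43:58+0000 [SSHService ssh-userauth on HoneyPotTransport,17,192.0.2.10] login attempt [root/b] succeeded
2016-05-02 11:33:19+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 198.51.100.7:44444 (172.17.0.5:2222) [session: 00000003]
2016-05-02 11:33:25+0000 [SSHService ssh-userauth on HoneyPotTransport,33,198.51.100.7] login attempt [root/c] failed
2016-05-02 11:33:26+0000 [SSHService ssh-userauth on HoneyPotTransport,17,192.0.2.10] login attempt [root/a] failed
END

my (%conns, %last_port, %rept);   # per-IP connection count, latest port, counts
my $orphans = 0;                  # login attempts seen before any connection

for my $line (@log) {
    if (my ($ip, $port) = $line =~ /New connection:\s+([\d.]+):(\d+)/) {
        $conns{$ip}++;
        $last_port{$ip} = $port;
        next;
    }
    # The login line carries the source IP itself (last field of the tag).
    my ($ip, $status) = $line =~
        /HoneyPotTransport,\d+,([\d.]+)\]\s+login attempt\s+\[[^\]]*\]\s+(\w+)/
        or next;
    # Assumption: the attempt belongs to the latest connection from that IP.
    my $port = $last_port{$ip};
    if (!defined $port) { $orphans++; next }
    $rept{$ip}{$port}{$status}++;
}

print "Port,Status,AttemptOnPort,AttemptsOnIP\n";
for my $ip (sort keys %rept) {
    for my $port (sort { $a <=> $b } keys %{ $rept{$ip} }) {
        for my $status (sort keys %{ $rept{$ip}{$port} }) {
            print join(',', $port, $status, $rept{$ip}{$port}{$status}, $conns{$ip}), "\n";
        }
    }
}
warn "$orphans login attempt(s) had no preceding connection and were skipped\n" if $orphans;
```

Because each port is reached only through its own IP, every row is printed once with that IP's connection count, and the last sample line is counted against 192.0.2.10's port even though another IP connected in between.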