LITTLEBLACKDOG.COM Forum Index LITTLEBLACKDOG.COM

 
fear_nothing
Moderator

Joined: 07 Nov 2001
Posts: 2750
Location: The end of the internet

Posted: Fri Aug 31, 2007 10:22 am   Post subject: needed | perl script | watch for these IPS

looking for a perl script that will watch for several known ip addresses & email when found.

this is being done whilst tailing a linux log file.

help please

_________________
-Fear

Remember when it comes to Information Security only the paranoid will survive….






Slashdot poster: I don't use commercial applications. I don't use programs for my security tests. I do the tests myself everyday.

Slashdot reply: You don't use programs? What, you put the cat-5 in your mouth and try to *taste* the intruders?

An infinite number of monkeys pounding away on keyboards will eventually produce a report showing that Windows is more secure and has a lower TCO, than linux.
CMTG
Leg Humper

Joined: 23 Feb 2002
Posts: 4896
Location: On average, Cheltenham.

Posted: Fri Aug 31, 2007 11:28 am

This is extremely quick 'n' dirty. You will certainly need to go to town on the pattern matching, and it only prints the matches to stdout, and it never exits, but the principle is there:

("Perl" with a lower case P is spelled incorrectly to get past the braindead lameness filter.)

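Code:
#!/usr/bin/peerl

use strict;
use warnings;
use File::Tail;   # CPAN module that follows a growing file, like tail -f

my $logfile = 'test.log';
# Sleep at most 5 seconds between checks; back off after 5 empty checks
my $file = File::Tail->new(name=>$logfile, maxinterval=>5, adjustafter=>5);
# read() blocks until a new line is appended, so this loop never exits
while (defined(my $line=$file->read)) {
   # Prefix match only: this also matches 10.0.0.50, 10.0.0.51, ...
   if($line =~ m/^10\.0\.0\.5/) {
      print $line;
   }
}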


If you create the test.log file and start the script in one terminal window:

Code:
[mbooth@mc ~]$ touch test.log
[mbooth@mc ~]$ ./test.pl


And then start appending to the test.log file from another terminal window:

Code:
[mbooth@mc ~]$ echo "10.0.0.1" >> test.log
[mbooth@mc ~]$ echo "10.0.0.2" >> test.log
[mbooth@mc ~]$ echo "10.0.0.3" >> test.log
[mbooth@mc ~]$ echo "10.0.0.4" >> test.log
[mbooth@mc ~]$ echo "10.0.0.5" >> test.log
[mbooth@mc ~]$ echo "10.0.0.6" >> test.log


You get this output in the first window:

Code:
[mbooth@mc ~]$ touch test.log
[mbooth@mc ~]$ ./test.pl
10.0.0.5


It acts like it's grepping tail -f output. Is that the sort of thing you're after?

_________________
Pie. I wish I could
constrain my hungry greed but...
Sadly, defeated.


Charlene's Law: There's no such thing as can't.
Charlene's Corollary: Unless it's followed by be arsed.
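Added example, not code from the thread or from any poster: one way to tighten the pattern matching and add the e-mail step that the post above leaves open. It matches whole IPv4 addresses against a watch list and builds at most one alert message per address per quiet period. The watch list, recipient address, 300-second mute window and sample log lines are all constructed for illustration; in live use the lines would come from the File::Tail loop above and the message would be handed to a local mailer.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Watch list and mail settings: constructed values, not from the thread.
my %watched    = map { $_ => 1 } qw(10.0.0.5 192.168.1.77);
my $rcpt       = 'secops@example.com';
my $quiet_secs = 300;    # one mail per address per 5 minutes (assumed policy)
my %last_alert;

# Return each watched IPv4 address found anywhere in a log line.
# The lookarounds keep 10.0.0.5 from matching inside 10.0.0.50 or 110.0.0.5.
sub watched_ips_in {
    my ($line) = @_;
    my %seen;
    while ($line =~ /(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)/g) {
        $seen{$1} = 1 if $watched{$1};
    }
    return sort keys %seen;
}

# Build the mail text for a hit; return nothing while the address is muted.
# Only the validated address goes into a header. The raw log line is
# attacker-influenced, so it stays in the body.
sub alert_for {
    my ($ip, $line, $now) = @_;
    return if exists $last_alert{$ip} && $now - $last_alert{$ip} < $quiet_secs;
    $last_alert{$ip} = $now;
    chomp $line;
    return "To: $rcpt\nSubject: watched IP $ip seen\n\n$line\n";
}

# Constructed sample lines standing in for what File::Tail's read() returns.
my @sample = (
    "Aug 31 10:22:01 gw sshd[411]: Failed password for root from 10.0.0.50 port 4022\n",
    "Aug 31 10:22:07 gw sshd[412]: Failed password for root from 10.0.0.5 port 4023\n",
    "Aug 31 10:22:09 gw sshd[413]: Accepted password for bob from 10.0.0.5 port 4024\n",
    "Aug 31 10:31:40 gw kernel: DROP SRC=192.168.1.77 DST=10.0.0.1\n",
);

my $now = 0;    # fake clock so the run is repeatable; use time() in live use
for my $line (@sample) {
    $now += 10;
    for my $ip (watched_ips_in($line)) {
        my $mail = alert_for($ip, $line, $now);
        print $mail, "---\n" if defined $mail;
    }
}
```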
fear_nothing
Moderator

Joined: 07 Nov 2001
Posts: 2750
Location: The end of the internet

Posted: Fri Aug 31, 2007 4:18 pm

sweet thanks

squashman
Big Dog

Joined: 08 Oct 2001
Posts: 3471
Location: 1265 Lombardi Ave.

Posted: Mon Sep 03, 2007 6:12 am

I remember seeing a linux program that does this already, I just can't remember the name of it offhand.
fear_nothing
Moderator

Joined: 07 Nov 2001
Posts: 2750
Location: The end of the internet

Posted: Mon Sep 03, 2007 5:34 pm

that program is Tenshi & it works damn good. That's what we ended up using.

http://www.securityfocus.com/tools/4301

ThunderDawg
Alpha Dog

Joined: 14 Apr 2002
Posts: 16584
Location: In The Garden of Eden, Hawnay.

Posted: Mon Sep 03, 2007 6:08 pm

I am kind of flabbergasted here.

I don't know anything about Linux (even though, ironically, I make
a lot of money converting people to it), but I knew the answer to this.

I don't see how that was possible Undecided
fear_nothing
Moderator

Joined: 07 Nov 2001
Posts: 2750
Location: The end of the internet

Posted: Tue Sep 04, 2007 6:01 am

TOMaxwell wrote:
I am kind of flabbergasted here.

I don't know anything about Linux (even though, ironically, I make
a lot of money converting people to it), but I knew the answer to this.

I don't see how that was possible Undecided


nice to see you with an avatar again Very Happy

All times are GMT - 8 Hours
