Tuesday, November 26, 2013

Resolving IP addresses in logs to domain names

CoCaLoRes

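A simple program that looks up the DNS host names of the IP addresses found in log files generated by programs such as Apache and Squid.
It consists of a single file; the -d option specifies the field delimiter, and the -c option writes the lookup results to a file.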

http://de.sourceforge.jp/projects/sfnet_cocalores/releases/


#!/usr/bin/perl -w
#
# $Id: cocalores,v 1.3 2001/08/27 07:53:49 cord Exp $
#
# DESCRIPTION: cocalores - configurable caching logresolve
#
# Copyright (C) 2000, 2001 Cord Beermann
#
# URL: http://Cocalores.sf.net/
#
# AUTHOR: Cord Beermann (Cord@Wunder-Nett.org)
#
# Thanks to these contributors, bug reporters, and feature requesters:
# Leandros (leandros@sno.at)
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 2 of the License, or (at your option)
# any later version.
# (If you modify and want to publish it under the name 'Cocalores', please ask
# me. I don't want to confuse the 'audience' with many different versions of
# the same name and/or Version number. (This is not part of the license, it
# is only a favour i asked of you.))
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place - Suite 330, Boston, MA 02111-1307, USA.

# A Perl script is "correct" if it gets the job done before your boss fires
# you.
#   -- 'Programming Perl Second Edition'
# by Larry Wall, Tom Christiansen & Randal L. Schwartz
# If you have to remove this, read the README!
require 5.002;
use vars qw($opt_c $opt_C $opt_d $opt_f $opt_h $opt_n $opt_p $opt_V);
use Getopt::Std;
use Fcntl ':flock';
getopts('c:Cd:f:hn:p:V');
$VERSION='Cocalores $Revision: 1.3 $';
$COPYRIGHT='Copyright (C) 2000, 2001 Cord Beermann.
Cocalores comes with ABSOLUTELY NO WARRANTY. It is free software, and you are
welcome to redistribute it under certain conditions.  See source for details.
Cocalores-Homepage: http://Cocalores.Cord.de/';
$USAGE='Usage: cat log | ' . $0 . ' [switches]
-d delimiter  delimiter of the logfile. (perl regexp syntax) (Default: \'\s+\')
-f number which field should be resolved. (Default: 1 (first field))
-c cachefile where (and if) to cache lookups. (Default: no caching)
-n number Negative Caching of lookups. (Default: 86400s, 1d)
-p number Positive Caching of lookups. (Default: 2592000s, 30d)
  (values can be given with appended m (minute), h (hour),
   d (day))
-C  prints the copyright.
-h  prints out this message.
-V  prints version-info.
';
print($USAGE, "\n\n", $COPYRIGHT, "\n") if ($opt_h);
print($COPYRIGHT, "\n") if ($opt_C);
print($VERSION, "\n\n", $COPYRIGHT, "\n\n") if ($opt_V);
exit 0 if (($opt_h) or ($opt_C) or ($opt_V));
$opt_n = timetrans($opt_n) if ($opt_n);
$opt_p = timetrans($opt_p) if ($opt_p);
$opt_d = '\s+' unless ($opt_d);
$opt_f = 1 unless ($opt_f);
$opt_n = 86400 unless ($opt_n);
$opt_p = 2592000 unless ($opt_p);
if ($opt_d eq '\s+') {
  $out_delimiter = ' ';
} else {
  $out_delimiter = $opt_d;
}
readcache() if $opt_c;
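while (<>) {
  chomp;
  @log = split($opt_d);
  if (defined $log[$opt_f-1] and
      $log[$opt_f-1] =~ m#^(([0-9][0-9]{0,2}\.){3}[0-9][0-9]{0,2})$#) {
    # Look up again when the address is unknown or its cache entry expired.
    # Expiry times are epoch seconds, so compare numerically (not with lt).
    if (not defined $hostcache{$1} or ($hostlookuptime{$1} < time)) {
      $hostcache{$1} = addtonam($1);
      if ($hostcache{$1} eq $1) {
        $hostlookuptime{$1} = time + $opt_n;   # unresolved: negative TTL
      } else {
        $hostlookuptime{$1} = time + $opt_p;   # resolved: positive TTL
      }
    }
    $log[$opt_f-1] = $hostcache{$1};
  }
  print join($out_delimiter, @log) . "\n";
}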
readcache() if $opt_c;
writecache() if $opt_c;
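sub readcache {
  if (-e $opt_c) {
    # Three-argument open (Perl 5.6+): the -c value is used as a plain file
    # name and is never interpreted as a mode or a pipe.
    open(CACHE, '<', $opt_c) or die("$0: can't open $opt_c for reading: $!\n");
    flock(CACHE, LOCK_SH);
    while (<CACHE>) {
      chomp;
      # Cache line format: expiry-time:ip:hostname
      ($date, $ip, $hostname) = split(':', $_, 3);
      next unless (defined $hostname);
      # Keep whichever entry expires later.
      if (not defined $hostlookuptime{$ip} or
          ($hostlookuptime{$ip} < $date)) {
        $hostcache{$ip} = $hostname;
        $hostlookuptime{$ip} = $date;
      }
    }
    flock(CACHE, LOCK_UN);
    close(CACHE);
  } else {
    warn("$0: creating Cachefile $opt_c\n");
  }
}
sub writecache {
  # Open in append mode and truncate only once the lock is held, so a
  # concurrent reader never sees a half-written cache.
  open(CACHE, '>>', $opt_c) or die("$0: can't open $opt_c for writing: $!\n");
  flock(CACHE, LOCK_EX);
  truncate(CACHE, 0);
  foreach $ip (keys(%hostcache)) {
    print CACHE "$hostlookuptime{$ip}:$ip:$hostcache{$ip}\n";
  }
  flock(CACHE, LOCK_UN);
  close(CACHE);
}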
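sub addtonam {
  my ($address) = shift (@_);
  my (@octets);
  my ($hostname, $ip_number);
  @octets = split '\.', $address;
  # Leave anything that is not a valid dotted quad unresolved; an octet
  # above 255 would otherwise wrap around in pack() and resolve a
  # different address.
  return $address if (@octets != 4 or grep { $_ > 255 } @octets);
  $ip_number = pack ("CCCC", @octets);
  # Address family 2 is AF_INET; in list context the name comes first.
  ($hostname) = gethostbyaddr ($ip_number, 2);
  if ($hostname) {
    return $hostname;
  } else {
    return $address;
  }
}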
sub timetrans {
  my ($value) = shift (@_);
  unless ($value =~ m#^\d+\s*[smhd]?$#) {
    print(STDERR "$0: wrong value at -p or -n -option: \"$value\"\n\n$USAGE\n\n");
    exit 1;
  }
  if ($value =~ s#\s*s$##) {
    return $value;
  } elsif ($value =~ s#\s*m$##) {
    return $value * 60;
  } elsif ($value =~ s#\s*h$##) {
    return $value * 3600;
  } elsif ($value =~ s#\s*d$##) {
    return $value * 86400;
  } else {
    return $value;
  }
}
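
The script writes whatever name the PTR record returns into the log, and that record is published by whoever operates the reverse zone for the address, not by the owner of the name it claims. The following is an added example, not part of Cocalores: a lookup that keeps the name only when it resolves forward to the same address. The names `fcrdns_name`, `ptr_lookup`, `a_lookup`, the `$rev`/`$fwd` hooks and the sample tables are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not part of Cocalores: forward-confirmed reverse DNS.
use strict;
use warnings;
use Socket qw(AF_INET inet_aton inet_ntoa);

# Default lookups through the system resolver.
sub ptr_lookup {
  my ($ip) = @_;
  my $packed = inet_aton($ip) or return;
  my ($name) = gethostbyaddr($packed, AF_INET);
  return $name;
}
sub a_lookup {
  my ($name) = @_;
  my (undef, undef, undef, undef, @addrs) = gethostbyname($name);
  return map { inet_ntoa($_) } @addrs;
}

# Return the PTR name only if one of its A records is the original address;
# otherwise return the address unchanged, as addtonam() does on failure.
# $rev and $fwd are optional code refs (hypothetical hooks for offline use).
sub fcrdns_name {
  my ($ip, $rev, $fwd) = @_;
  $rev ||= \&ptr_lookup;
  $fwd ||= \&a_lookup;
  my $name = $rev->($ip);
  return $ip unless (defined $name and length $name);
  my $confirmed = grep { $_ eq $ip } $fwd->($name);
  return $confirmed ? $name : $ip;
}

# Constructed sample data (documentation address ranges, made-up names).
my %ptr = ('192.0.2.10'  => 'mail.example.org',
           '203.0.113.7' => 'www.example.com');    # claimed, not confirmed
my %a   = ('mail.example.org' => ['192.0.2.10'],
           'www.example.com'  => ['198.51.100.1']);
my $rev = sub { $ptr{$_[0]} };
my $fwd = sub { @{ $a{$_[0]} || [] } };

for my $ip ('192.0.2.10', '203.0.113.7', '198.51.100.99') {
  printf "%-15s -> %s\n", $ip, fcrdns_name($ip, $rev, $fwd);
}
```

Called without the two hooks, `fcrdns_name` uses the system resolver, at the cost of one extra forward lookup per uncached address.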

.TH COCALORES 1 "$Date: 2001/08/27 07:53:49 $" Handmade "Cocalores Manual"
.SH NAME
cocalores \- COnfigurable CAching LOgfile RESolver
.SH SYNOPSIS
cat log |
.B cocalores
[ cocalores_options ]
.SH DESCRIPTION
.B Cocalores
is a post-processing program to resolve IP addresses in logfiles.
To speed things up and to minimize the impact on your nameserver,
.B Cocalores
caches all addresses internally and can use a cachefile to reuse
previously looked-up addresses in later runs. It is configurable, so
you should be able to parse different logfiles, e.g. Apache (Common Log)
or Squid (Native Log), with it.
This manual page describes the options of
.B Cocalores
and gives a few examples.
.SH OPTIONS
.TP
.I -d delimiter
delimiter: a string in perl regular expression syntax, which
specifies the separator between two fields in the input data.
(Default: '\\s+' (this means one or more whitespaces))
.TP
.I -f number
field: specifies which field of the input will be resolved. (Default: 1)
.TP
.I -c cachefile
cachefile: if you set this,
.B Cocalores
will cache its lookups in this file, so you can reuse the data in
later runs. (Default: not set (means: no external caching.))
.TP
.I -n number
negative caching: specifies how long an unsuccessful lookup on an
IP number will be cached. (Default: 86400s, 1440m, 24h, 1d)
.TP
.I -p number
positive caching: specifies how long a successful lookup on an
IP number will be cached. (Default: 2592000s, 43200m, 720h, 30d)
.TP
.I -C
Copyright: Prints the copyright information of
.BR Cocalores .
.TP
.I -h
help: Prints a brief description of the command line options.
.TP
.I -V
Version: Prints out the Version-Number.

.SH EXAMPLES
.TP
This example parses Apache Common Logfiles
cat /var/log/apache/access.log |
.B cocalores
.TP
This one parses Squid Native Logfiles
cat /var/log/squid/access.log |
.B cocalores -f 3
.SH BUGS
If you have a problem with
.BR Cocalores ,
please make sure that you use the most recent version of
.B Cocalores
(see VERSION below).
If you're sure that you've encountered a bug in Cocalores, please report it to
Cocalores-bug@cord.de.
.SH "SEE ALSO"
.B perlre(1)
.SH AUTHOR
Cord Beermann <Cord@Wunder-Nett.org>.
.SH VERSION
Version of this manpage: $Id: cocalores.1,v 1.2 2001/08/27 07:53:49 cord Exp $
Information about new releases, mailing lists, and other related issues
can be found from the
.B Cocalores
home page at http://Cocalores.sf.net/
.SH WARRANTY
.B Cocalores
comes with "absolutely no warranty".
.SH COPYRIGHT


Copyright (C) 2000, 2001 Cord Beermann
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. (If you modify and want to publish it under the name Cocalores, please ask me.  I don't want to confuse the 'audience' with many different versions of the same name and/or Version number.  (This is not part of the license, it is only a favour I asked of you.))

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

