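#!/usr/bin/perl -w
use strict;
#
# vpnstats - generate list of VPN connections from PPTP+PPP log messages
# copyright (C) 2002 Scott Merrill (skippy@skippy.net)
#
# usage: vpnstats /var/log/messages
#
# version 1.4 09-09-2003
#   - thanks to Masaya Miyamoto (miyamo@po.ntts.co.jp)
#     and David Fuzishima (david_f@zipmail.com.br) for fixing the
#     date/time regexes to catch single-digit days (9 instead of 09).
#
# version 1.3
#   - thanks to Andy Behrens <andy.behrens@coat.com> for
#     fixing up the regex to catch extraneous whitespace, and
#     domain names that include numbers and underscores.
#   - I modified the output to report when a user is still connected
#   - thanks to Wolfgang Powisch for fixing hostnames included a "-"
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Reviewer notes on how far the report can be trusted:
#   - Sessions are keyed by pppd PID only.  If a PID is reused inside one
#     log file, the later session overwrites the earlier one, and a failed
#     attempt on a reused PID is not counted.
#   - The client IP is attached to "pptpd PID + 1", i.e. the script assumes
#     pppd is the very next process after the pptpd control process.  When
#     that assumption does not hold, an IP can be attached to the wrong
#     session or a failure can be missed.  Treat source addresses and the
#     FAILED count as hints and confirm them against the raw log lines
#     before acting on them.
#   - "FAILED" is an in-band marker stored in the user table, so an account
#     literally named FAILED would be reported as failed attempts.

# Per-session state, keyed by pppd PID.
my %PID_USER     = ();
my %PID_IP       = ();
my %PID_LENGTH   = ();
my %PID_SENT     = ();
my %PID_RECEIVED = ();
my %PID_DATETIME = ();

# Per-user totals, keyed by user name (or by the FAILED marker).
my %USER_TOTAL_CONNECT  = ();
my %USER_TOTAL_TIME     = ();
my %USER_TOTAL_SENT     = ();
my %USER_TOTAL_RECEIVED = ();

# Marker stored in %PID_USER for sessions that never authenticated.
my $FAILED = "FAILED";

# Syslog timestamp, e.g. "Sep  9 12:34:56"; shared by every pattern below.
my $STAMP = qr/\w+\s+\d+\s\d+:\d+:\d+/;

# Read the log one line at a time instead of slurping the whole file, so
# memory use does not grow with the size of the log.
while (my $line = <>) {

    # Successful MS-CHAPv2 authentication: remember who owns this PID.
    # The optional DOMAIN\ prefix is matched once and not captured; the
    # former "(.+\\)*" accepted the same strings but nested two unbounded
    # quantifiers, which can backtrack heavily on a line with many
    # backslashes that does not end in a plain user name.
    if (my ($when, $pid, $user) = $line =~ m{
            ^($STAMP)\s                 # date+time
            \S+\spppd\[(\d+)\]:\s       # PID
            MSCHAP-v2\speer\sauthentication\ssucceeded\sfor\s
            (?:.+\\)?                   # DOMAIN\ prefix, dropped
            (\w+)$
        }x) {
        $PID_USER{$pid}     = $user;
        $PID_DATETIME{$pid} = $when;
        $USER_TOTAL_CONNECT{$user}++;
        # Start the totals at zero so a user who is still connected is
        # reported with 0 rather than with undefined values.
        $USER_TOTAL_TIME{$user}     ||= 0;
        $USER_TOTAL_SENT{$user}     ||= 0;
        $USER_TOTAL_RECEIVED{$user} ||= 0;
    }
    # Session length, logged by pppd when the link goes down.
    elsif (my ($when_len, $pid_len, $minutes) = $line =~ m{
            ^($STAMP)\s                 # date+time
            \S+\spppd\[(\d+)\]:\s       # PID
            Connect\stime\s
            (\d*\.\d*)                  # minutes
            \sminutes\.$
        }x) {
        $PID_LENGTH{$pid_len} = $minutes;
        # The authentication line may be missing (rotated log, failed
        # login); in that case there is no user to credit.
        my $owner = $PID_USER{$pid_len};
        $USER_TOTAL_TIME{$owner} += $minutes if defined $owner;
    }
    # Traffic counters, logged by pppd when the link goes down.
    elsif (my ($when_io, $pid_io, $sent, $received) = $line =~ m{
            ^($STAMP)\s                 # date+time
            \S+\spppd\[(\d+)\]:\s       # PID
            Sent\s(\d+)\sbytes,\s       # bytes sent
            received\s(\d+)\s           # bytes received
        }x) {
        $PID_SENT{$pid_io}     = $sent;
        $PID_RECEIVED{$pid_io} = $received;
        my $owner = $PID_USER{$pid_io};
        if (defined $owner) {
            $USER_TOTAL_SENT{$owner}     += $sent;
            $USER_TOTAL_RECEIVED{$owner} += $received;
        }
    }
    # pptpd control connection closed: this line carries the client IP.
    elsif (my ($when_end, $ctrl_pid, $ip) = $line =~ m{
            ^($STAMP)\s                 # date+time
            \S+\spptpd\[(\d+)\]:\s      # PID of the pptpd control process
            CTRL:\sClient\s
            (\d+\.\d+\.\d+\.\d+)\s      # client IP
            control\sconnection\sfinished$
        }x) {
        # Heuristic: the pppd serving this client is assumed to have the
        # PID right after the pptpd control process.
        my $pppd_pid = $ctrl_pid + 1;
        $PID_IP{$pppd_pid} = $ip;
        # No authenticated user on that PID means the attempt failed.
        if (!defined $PID_USER{$pppd_pid}) {
            $PID_DATETIME{$pppd_pid} = $when_end;
            $PID_USER{$pppd_pid}     = $FAILED;
            $USER_TOTAL_CONNECT{$FAILED}++;
        }
    }
}

# PIDs are numbers, so order them numerically (a plain sort would put
# 1000 before 999).
my @pids = sort { $a <=> $b } keys %PID_DATETIME;

# Per-user summary followed by that user's individual sessions.
foreach my $user (sort keys %USER_TOTAL_CONNECT) {
    next if $user eq $FAILED;

    print $user, ": ", $USER_TOTAL_CONNECT{$user}, " connections, ";
    print $USER_TOTAL_TIME{$user}, " minutes (";
    print $USER_TOTAL_SENT{$user}, " sent, ";
    print $USER_TOTAL_RECEIVED{$user}, " received).\n";

    foreach my $pid (@pids) {
        next unless $PID_USER{$pid} eq $user;

        print " ";
        print $PID_DATETIME{$pid}, ": connected ";
        if ($PID_IP{$pid}) {
            # The IP only shows up once the control connection has closed.
            # The "Connect time" line can still be absent from the log.
            my $length = defined $PID_LENGTH{$pid}
                       ? $PID_LENGTH{$pid}
                       : "unknown";
            print "from $PID_IP{$pid} ";
            print "for $length minutes.\n";
        } else {
            print "<still connected>\n";
        }
    }
}

# Attempts that closed without a successful authentication on their PID.
if (defined $USER_TOTAL_CONNECT{$FAILED}) {
    print "\n\n";
    print "FAILED CONNECTION ATTEMPTS: ";
    print $USER_TOTAL_CONNECT{$FAILED}, "\n";
    foreach my $pid (@pids) {
        next unless $PID_USER{$pid} eq $FAILED;
        print " ";
        print $PID_DATETIME{$pid}, ": attempt from ";
        print $PID_IP{$pid}, "\n";
    }
}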