jak podzielic logi firewalla na przedzialy czasowe co 30 minut

[pardi]

Witam,

Mam szybkie pytanko... musze przeanalizowac logi firewalla, ale musze to zrobic w poszczegolnych przedzialach czasowych...
Jak moge wyswietlic logi tak zeby byly "zlamane" w 30 minutowe przedzialy?

Dzieki za pomoc...
Pozdro

P

[Ubek308]

Podaj choc z jedną linijkę, bedzie przynajmniej wiadomo po czym ciąć.

[pardi]

A sorry... standardowy ufw.log:
Pozdrawiam,

P

Kod: Zaznacz cały

May 20 06:45:59 homesrv01 kernel: [213099.896921] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=468 TOS=0x00 PREC=0x00 TTL=64 ID=46481 DF PROTO=UDP SPT=58239 DPT=58239 LEN=448
May 20 06:45:59 homesrv01 kernel: [213099.896948] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=468 TOS=0x00 PREC=0x00 TTL=64 ID=46481 DF PROTO=UDP SPT=58239 DPT=58239 LEN=448
May 20 06:45:59 homesrv01 kernel: [213099.896999] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36765 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:45:59 homesrv01 kernel: [213099.897024] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36765 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:45:59 homesrv01 kernel: [213099.897058] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40447 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:45:59 homesrv01 kernel: [213099.897087] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40447 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.399773] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40448 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.399808] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40448 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.400650] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46482 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:00 homesrv01 kernel: [213100.400692] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46482 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:00 homesrv01 kernel: [213100.400758] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36766 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.400785] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36766 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.400825] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40449 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.400854] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40449 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.903777] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40450 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.903818] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40450 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.904649] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46483 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:00 homesrv01 kernel: [213100.904686] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46483 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:00 homesrv01 kernel: [213100.904749] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36767 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.904775] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36767 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.904813] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40451 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:00 homesrv01 kernel: [213100.904843] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40451 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.407777] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40452 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.407817] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40452 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.408647] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46484 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:01 homesrv01 kernel: [213101.408685] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46484 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:01 homesrv01 kernel: [213101.408746] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36768 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.408771] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36768 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.408809] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40453 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.408839] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40453 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.911787] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40454 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.911826] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40454 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.912645] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46485 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:01 homesrv01 kernel: [213101.912682] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46485 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:01 homesrv01 kernel: [213101.912743] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36769 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.912768] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36769 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.912806] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40455 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:01 homesrv01 kernel: [213101.912836] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40455 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK URGP=0
May 20 06:46:02 homesrv01 kernel: [213102.415783] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40456 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:02 homesrv01 kernel: [213102.415823] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=131 TOS=0x00 PREC=0x00 TTL=64 ID=40456 DF PROTO=TCP SPT=52520 DPT=7337 WINDOW=384 RES=0x00 ACK PSH URGP=0
May 20 06:46:02 homesrv01 kernel: [213102.416650] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46486 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:02 homesrv01 kernel: [213102.416688] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=156 TOS=0x00 PREC=0x00 TTL=64 ID=46486 DF PROTO=UDP SPT=58239 DPT=58239 LEN=136
May 20 06:46:02 homesrv01 kernel: [213102.416749] [UFW AUDIT] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36770 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0
May 20 06:46:02 homesrv01 kernel: [213102.416774] [UFW AUDIT] IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=453 TOS=0x00 PREC=0x00 TTL=64 ID=36770 DF PROTO=TCP SPT=7337 DPT=52520 WINDOW=382 RES=0x00 ACK PSH URGP=0

[Ubek308]

Jeszcze pytanie co bedziesz analizowal.
Automatycznie czy wizualnie linia po linii?

Genrealnie az sie prosi perl zwiekszajacy licznik May 20 06:XX:........

XX=0
Output_NR=0

foreach line ....
Analiza line ...
XX=XX+1
if XX=30
then Output_NR=Output_NR+1 and XX=0
end of foreach

To połowa idei.
Jeszcze gdzies musisz wlozyc przelacznik na minuty od 31 do 59.

[pardi]

Witam,
Chcialbym odnowic ten temat po "malej" przerwie jako ze ciagle nie znalazlem odpowiedzi na moje pytanie.
Dzieki ubek308 ale perl to nie moja najlepsza strona.
W celu uzupelnienia mojego pytania chcialbym dopisac co tak naprawde chce zrobic....
Wiec tak... potrzebuje log ufw.log podzielic na przedzialy czasowe np. 8:00 - 8:30 ; 8:30 - 9:00 itp
w kazdym przedziale musze zanalizowac ile prob polaczen bylo odrzuconych , czyli musze podliczyc ile w kazdym przedziale bylo [UFW DENY]

Dzieki za jakomkolwiek wskazowke...

Pozdro
Pardi

[ethanak]

To może powiedz co jest Twoją mocną stroną, bo nikt tu nie będzie zgadywać (wiemy już że nie Perl).
Ogólnie nie ma co tam dzielić, prosty skrypt w awku się pisze i wrzuca do niego całego loga jak leci, na przykład:

Kod: Zaznacz cały

awk '/UFW DENY/ {b=substr($3,4,1);if (b > 2) b="30";else b="00";a=$1 "-" $2 "-" substr($3,0,3) b ;ile[a] += 1} END {for (i in ile) print i,ile[i]}' < ufw.log

[pardi]

Witam,
Dzieki za pomoc, to jest dokladnie to czego szukalem, probowalem to w pythonie ale sie zakrecilem troche....
i zapomnialem co tez AWK potrafi...

Wielkie dzieki, temat zamniety