Linux shell script for filtering NetScreen firewall logs

I have long wanted to learn Linux but never had the time. A couple of days ago I was asked to do two days of on-site support, and I used that time to read some study material. Looking at the company's firewall logs, I tried filtering them.

The firewall log looks like this (syslog export from a NetScreen ns50; in the export each record ends with a <000> marker):

2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2683 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4048 dst_port=80 src-xlated ip=218.206.244.202 port=4679 dst-xlated ip=119.188.11.3 port=80 session_id=61727 reason=Close - AGE OUT<000>
2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2674 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4045 dst_port=80 src-xlated ip=218.206.244.202 port=15311 dst-xlated ip=119.188.11.3 port=80 session_id=62271 reason=Close - AGE OUT<000>
2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2645 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4044 dst_port=80 src-xlated ip=218.206.244.202 port=14295 dst-xlated ip=119.188.11.3 port=80 session_id=59240 reason=Close - AGE OUT<000>
2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=1485 rcvd=482 src=10.100.1.43 dst=119.188.11.3 src_port=4051 dst_port=80 src-xlated ip=218.206.244.202 port=13926 dst-xlated ip=119.188.11.3 port=80 session_id=54785 reason=Close - AGE OUT<000>
2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2682 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4046 dst_port=80 src-xlated ip=218.206.244.202 port=13692 dst-xlated ip=119.188.11.3 port=80 session_id=60623 reason=Close - AGE OUT<000>
2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2605 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4043 dst_port=80 src-xlated ip=218.206.244.202 port=13520 dst-xlated ip=119.188.11.3 port=80 session_id=62996 reason=Close - AGE OUT<000>

I want to pull the sent bytes, rcvd bytes, src address and dst address out of every record and total them per source address. The script:

#!/bin/sh
# Usage: syslogana <firewall-log-file> [recv]
# Totals bytes sent and received per internal (10.x) source address.

# Note: fixed file names in the shared /var/tmp are predictable; use
# mktemp -d instead if other users have access to this host.
TMP=/var/tmp
[ -d "$TMP" ] || mkdir "$TMP"
rm -f "$TMP/sysn" "$TMP/sysnn" "$TMP/sysnnn" "$TMP/sysnnnn"

# $1 is the first command-line argument: the path of the firewall log file.
# Step 1: from each record take the four consecutive fields
#   sent=2683 rcvd=766 src=10.100.1.43 dst=119.188.11.3
# Each awk program is kept in a single-quoted variable so that it is
# printed literally before it runs, instead of the shell expanding $i,
# $1 and friends inside a double-quoted echo.
EXTRACT='{ for (i = 1; i <= NF; i++) if ($i ~ /^sent=/) print $i, $(i+1), $(i+2), $(i+3) }'
printf '%s\n' "awk '$EXTRACT' $1 >$TMP/sysn"
echo "................................"
awk "$EXTRACT" "$1" >"$TMP/sysn"

# Step 2: turn = into a space so that key and value become separate fields:
#   sent 2683 rcvd 766 src 10.100.1.43 dst 119.188.11.3
printf '%s\n' "sed 's/=/ /g' $TMP/sysn >$TMP/sysnn"
echo "................................"
sed 's/=/ /g' "$TMP/sysn" >"$TMP/sysnn"

# Step 3: total sent ($2) and rcvd ($4) bytes per source address ($6).
# printf %.0f prints the totals as integers; plain print falls back to
# awk's default %.6g number format, which shows large totals as 3.21879e+09.
SUM='{ sent[$6] += $2; recv[$6] += $4 } END { for (ip in sent) printf "%s\t\t%.0f\t\t%.0f\n", ip, sent[ip], recv[ip] }'
printf '%s\n' "awk '$SUM' $TMP/sysnn >$TMP/sysnnn"
echo "................................"
awk "$SUM" "$TMP/sysnn" >"$TMP/sysnnn"

# Step 4: sort by sent bytes and keep only internal 10.x sources.
sort -n -r -k 2 "$TMP/sysnnn" | grep '^10\.' >"$TMP/sysnnnn"

printf 'IP\t\t\tSend bytes(B)\t\tRecv bytes(B)\n'
echo "====================================================================="

# Second command-line argument "recv": sort by received bytes instead.
if [ "$2" = "recv" ]; then
    sort -n -r -k 3 "$TMP/sysnnnn"
else
    cat "$TMP/sysnnnn"
fi

rm -f "$TMP/sysn" "$TMP/sysnn" "$TMP/sysnnn" "$TMP/sysnnnn"

Usage:

./syslogana /usr/Syslog2011-09-30.txt        (sorted by sent bytes)

or ./syslogana /usr/Syslog2011-09-30.txt recv   (sorted by rcvd bytes)

[orcle@localhost ~]$ ./syslogana /usr/Syslog2011-09-30.txt
awk { for(i=1;i<=NF;i++) { if( ~ /sent/ ) print ,i++,,i++,,i++, } } ' Syslog2011-09-30.txt | awk '{ print Syslog2011-09-30.txt,,, }' >/var/tmp/sysn
................................
sed 's/=/ /g' /var/tmp/sysn >/var/tmp/sysnn
................................
awk '{ sent[] += ;Recv[] += } END { for(i in sent) print i,tt, sent[i],tt,Recv[i] }' /var/tmp/sysnn >/var/tmp/sysnnn
................................
IP                      Send bytes(B)           Recv bytes(B)
=====================================================================
10.2.0.195              389190206               3.21879e+09
10.2.0.230              133985217               1333863787
10.2.0.240              86287521                506981671
10.100.1.240            69406016                134809486
10.2.0.249              56816187                143809412
10.2.0.245              40095561                58691950
10.2.0.228              36652824                183048630
10.2.0.194              27172677                80621957
10.2.0.252              23434488                93078962
10.100.5.252            20701571                146831266
10.2.0.241              18873421                65888402

Two things are visible in this run. The echoed commands come out with the $i, $2, $4 and $6 positions empty, $1 replaced by the file name and "\t\t" shown as tt, because the shell expanded them inside the double-quoted echo strings before printing. And the largest rcvd total is printed as 3.21879e+09 because awk's plain print used its default %.6g number format; printing with printf "%.0f" keeps such totals as integers.
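As an added example, not the script from this post, the following does the same per-source summary in a single awk pass and handles the things the positional version trips on: it parses the key=value pairs by name so the field order in a record does not matter, splits records that the export glued together with <000>, skips action=Deny records, counts permitted sessions per source, and prints totals with %.0f so a large total does not come out as 3.21879e+09. The sample input is constructed for the example: the first line carries two 10.100.1.43 records from the excerpt above, still joined by <000>; the 10.2.0.7 records and their values are invented. The function name ns_summary is mine.

```shell
#!/bin/sh
# Added example (not the script from the post): one awk pass over NetScreen
# traffic-log records, parsing key=value pairs by name rather than by field
# position, then ranking source addresses by bytes sent or received.

# Constructed sample input. Line 1 holds two records from the log excerpt,
# still glued together by the <000> separator of the export; the 10.2.0.7
# records (one denied, one permitted with a large rcvd) are invented.
NS_SAMPLE='2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2683 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4048 dst_port=80 src-xlated ip=218.206.244.202 port=4679 dst-xlated ip=119.188.11.3 port=80 session_id=61727 reason=Close - AGE OUT<000>2011-09-30 00:00:20 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:01:05" duration=15 policy_id=103 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2674 rcvd=766 src=10.100.1.43 dst=119.188.11.3 src_port=4045 dst_port=80 src-xlated ip=218.206.244.202 port=15311 dst-xlated ip=119.188.11.3 port=80 session_id=62271 reason=Close - AGE OUT<000>
2011-09-30 00:00:21 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:00:21" duration=0 policy_id=320000 service=smtp proto=6 src zone=Trust dst zone=Untrust action=Deny sent=0 rcvd=0 src=10.2.0.7 dst=203.0.113.25 src_port=51000 dst_port=25 session_id=0
2011-09-30 00:00:22 Local0.Notice 10.2.0.254 ns50: NetScreen device_id=0019022004000299 [Root]system-notification-00257(traffic): start_time="2011-09-30 00:00:02" duration=20 policy_id=103 service=https proto=6 src zone=Trust dst zone=Untrust action=Permit sent=1000 rcvd=5000000000 src=10.2.0.7 dst=203.0.113.80 src_port=51001 dst_port=443 src-xlated ip=218.206.244.202 port=20000 dst-xlated ip=203.0.113.80 port=443 session_id=61800 reason=Close - AGE OUT'

# ns_summary FILE [sent|rcvd]
#   FILE is a log file path ("-" reads stdin). Prints one tab-separated line
#   per source address: ip, bytes sent, bytes received, permitted sessions,
#   sorted descending by sent (default) or by rcvd.
ns_summary() {
    tab=$(printf '\t')
    if [ "$2" = rcvd ]; then col=3; else col=2; fi
    awk '
    {
        # The export may glue several records onto one line with <000>.
        n = split($0, rec, /<000>/)
        for (r = 1; r <= n; r++) {
            if (rec[r] !~ /\(traffic\)/) continue   # not a traffic record
            split("", kv)                           # clear the key/value map
            line = rec[r]
            # Collect every key=value token by name. Repeated keys such as
            # "src zone=" / "dst zone=" overwrite each other; we do not use them.
            while (match(line, /[A-Za-z_-]+=[^ ]+/)) {
                pair = substr(line, RSTART, RLENGTH)
                eq = index(pair, "=")
                kv[substr(pair, 1, eq - 1)] = substr(pair, eq + 1)
                line = substr(line, RSTART + RLENGTH)
            }
            if (kv["action"] != "Permit") continue  # denied sessions carry no traffic
            src = kv["src"]
            sent[src] += kv["sent"]
            rcvd[src] += kv["rcvd"]
            sessions[src]++
        }
    }
    END {
        # %.0f keeps multi-gigabyte totals out of %.6g scientific notation.
        for (ip in sent)
            printf "%s\t%.0f\t%.0f\t%d\n", ip, sent[ip], rcvd[ip], sessions[ip]
    }' "$1" | sort -t "$tab" -k "$col,${col}nr"
}

# Demonstration on the constructed sample; pass "rcvd" to rank by bytes received.
printf '%s\n' "$NS_SAMPLE" | ns_summary - "${1:-sent}"
```

To keep only internal sources as the post's script does, pipe the output through grep '^10\.'; on a real export run it as ns_summary /usr/Syslog2011-09-30.txt rcvd. Parsing by key name is what makes the summary survive a record whose fields are in a different order, for example a denied session, which has no src-xlated fields at all.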
