#!/usr/bin/perl

$log = "/home/tsec/prototype/logs/extractedlogs/cowrieresult.log";

open(DATA, $log) or die "Can't open '$log': $!";

sub tester(){

while(<DATA>){
        if (/New connection: ([\d\.]+):(\d+)/){
                ($ip,$port) = ($1,$2);
                next;
        }
        chomp;
        if (/login attempt\s+\[(.*)\]\s+(\w+)$/){
                ($user_pass,$status) = ($1,$2);
                $HONEY{$ip}{$port}{$status}{$user_pass} +=1;
                print "DEBUG: Add ip=$ip:$port $status $user_pass\n";
        }
}

for my $ip (keys %HONEY){
        for my $port (keys %{$HONEY{$ip}}){
                for my $user (keys %{$HONEY{$ip}{$port}}){
                        for my $status (keys %{$HONEY{$ip}{$port}}){
                                for my $user_pass (keys %{$HONEY{$ip}{$port}{$status}}){
                                        $freq = $HONEY{$ip}{$port}{$status}{$user_pass};
                                        push(@DATA, "$port,$status,$freq") ;
                                }
                        }
                }
        }
}

for my $data (sort @DATA){
        print $data . "\n";
}


}