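#!/usr/local/bin/perl
#
# ACLlogscan.pl -- a script to summarise ACL log files
#
# Usage: ACLlogscan.pl [ACL]
#
# Scans the ACL log for "IPACCESSLOGP: list <ACL> denied ..." entries and
# prints the connections (source -> destination, protocol, destination
# port) with the highest denied-packet totals. With no argument, entries
# for every ACL are counted.

use strict;
use warnings;

# Set behaviour
my $log  = "H:/sys075/acls/local7.log";    # absolute path of ACL log file
my $ntop = 40;                             # how many top results to show
                                           # (e.g. 20 shows the top 20)

# Optional ACL name/number from the command line. Guard against a missing
# argument so chomp never operates on undef.
my $acl = defined $ARGV[0] ? $ARGV[0] : '';
chomp $acl;

# The original test was `$acl == ""`, a numeric comparison: any non-numeric
# ACL name evaluated to 0 and was silently replaced by the wildcard. Test
# the string length instead. A supplied value is matched literally
# (quotemeta) so regex metacharacters in the argument cannot change what
# the pattern matches; only the built-in default is a wildcard.
my $acl_pattern = length $acl ? quotemeta $acl : '.*';

# Captures: 1 protocol, 2 source IP, 3 source port (unused), 4 destination
# IP, 5 destination port, 6 packet count. The character classes restrict
# each capture to digits, dots and protocol letters, so log content that
# reaches the report cannot carry control or escape sequences.
my $denied_re = qr/IPACCESSLOGP: list $acl_pattern denied ([tcpudim]+) ([0-9.]+)\(([0-9]+)\) -> ([0-9.]+)\(([0-9]+)\), ([0-9]+) /;

# Three-argument open with a lexical handle: the path can never be
# interpreted as an open mode or a pipe, and a failure says why.
open(my $log_fh, '<', $log)
    or die "Cannot open ACL log '$log': $!\n";

my %srca;    # packets denied per source address
my %quad;    # packets denied per "src -> dst proto port" connection
my %port;    # packets denied per "proto port" pair

while (my $line = <$log_fh>) {
    next unless $line =~ $denied_re;

    my ($proto, $src, $dst, $dport, $packets) = ($1, $2, $4, $5, $6);

    my $connection = sprintf("%16s -> %16s %3s port %-6s",
                             $src, $dst, $proto, $dport);
    my $service    = sprintf("%3s port %-6s", $proto, $dport);

    $srca{$src}        += $packets;
    $quad{$connection} += $packets;
    $port{$service}    += $packets;
}

close($log_fh);

# NOTE(review): %srca and %port are accumulated above but not reported in
# the portion of the script shown here; only the connection summary is
# printed.

my $n = 0;
print "Connection Summary:\n";
foreach my $connection (sort { $quad{$b} <=> $quad{$a} } keys %quad) {
    last if $n++ >= $ntop;
    printf("%6s:%s\n", $quad{$connection}, $connection);
}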