#!/usr/bin/perl -w
# Written by Eli K. Breen
# NIMDA Apache Log Analyser
# V 1.02
#       
# 1.01 - Oct09 2001- Changed output to printf instead of print
# 1.02 - Oct30 2001- Added Date output and default log check
#
# Usage: ./MISS.PRISS.pl /some/directory/apache_access.logfile |sort
#(usually /var/log/httpd-access.log)
#
$DefaultLog = "/var/log/httpd-access.log";      # Setting default log 
+file
                                        # Without this line you need t
+o specify...
                                        #       'NIMDA.pl /somedir/som
+eapachelog'
$IPHash{"127.0.0.1"} = "0";             # Initialize the %IPHash
@DateArray = localtime; $DateArray[5] += 1900; $DateArray[4] += 1; $Da
+teArray[2] =~ s/^\d\b/0$DateArray[2]/; $DateArray[1] =~ s/^\d\b/0$Dat
+eArray[1]/;
if ( $#ARGV <= 0 ) { $ARGV[0] = $DefaultLog; print "Last Updated $Date
+Array[5]-$DateArray[4]-$DateArray[3] $DateArray[2]\:$DateArray[1].$Da
+teArray[0]\n";print STDERR "Logfile not specified, trying $DefaultLog
+...\n" };
@lineArray = (grep /cmd.exe/, <>);      # For every line in log contai
+ning 'cmd.exe'
foreach $line (@lineArray)      {       # For every occurance of 'cmd.
+exe' in array
        @splitLine = split /\ /, $line; # Grab just the IP address at 
+the begining
                $IPHash{$splitLine[0]}++
                                };
@keylist = (keys(%IPHash));
foreach $IPKey (sort @keylist)
{
        printf "%-6s %10s\n", $IPHash{$IPKey}, $IPKey;
        $IPCount += $IPHash{$IPKey};
};
#sub bytry      {       #Sort records by number of attempts
        printf "%15s %10s\n", "Total:", $IPCount;

[download]

In reply to MISS.PRISS - NIMDA request logger by torinedge

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.