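#!/usr/bin/perl
# pixter log watcher (v1.4b).
#
# Reads syslog-style lines from STDIN or from the files named on the command
# line, matches each line against a fixed keyword list, and stores every
# tagged line in a MySQL table whose name is derived from the set of tags that
# matched.  Lines that match no tag are dropped.
#
# Changes from the original listing:
#   * strict/warnings enabled, all globals made lexical;
#   * INSERT values are bound with placeholders instead of being interpolated
#     into the SQL text (a log line containing a quote both broke the statement
#     and let an attacker-controlled log line inject SQL);
#   * table names are quoted with quote_identifier in both CREATE and INSERT;
#   * keyword tags are matched literally (\Q...\E) so "cmd.exe" no longer
#     matches "cmdXexe";
#   * when the database is not reachable the script keeps tagging and simply
#     skips the writes, as the banner promises, instead of dying on the first
#     matching line;
#   * the AUTO_INCREMENT id column is no longer given an explicit '' value and
#     every logN column is always supplied, so the statements also work with
#     MySQL strict mode.
use strict;
use warnings;
use DBI;
use Mail::Sendmail;    # carried over from the original; nothing here uses it

system('clear');

# ANSI colour codes for the banner.  $white was never assigned in the
# original (it interpolated as ""); an SGR reset is the evident intent.
my $red    = "\033[31m";
my $green  = "\033[32m";
my $yellow = "\033[33m";
my $blue   = "\033[34m";
my $cyan   = "\033[36m";
my $white  = "\033[0m";

# Keyword groups.  "ZSP" stands in for a space inside a multi-word tag so the
# original's space-separated flattening kept working; it is expanded below.
my @denies  = ("deny", "TCPZSPconnectionZSPdenied", "was2", "real", "probe");
my @ibm     = ("configured", "rp01", "ibmproxy", "failed", "login", "timeZSPout", "images", "http");
my @forbids = ("forbid", "caution");
my @pix     = ("PIX", "warning", "IP", "from", "disconnect", "connect", "idsn", "interface", "serial", "0x14");
my @errors  = ("link", "error", "fast", "ethernet");
my @interfc = ("console", "changedZSPstateZSPto", "up", "down", "failed", "operational");
my @trans   = ("snort", "noZSPtranslationZSPgroup", "noZSPxlate", "portscan", "udp", "tcp");
my @snort   = ("large", "packet", "bad", "traffic", "inbound", "attempt", "web", "IIS", "cmd.exe", "cgi", "access", "multiple", "decode");
my @prior   = map { "Priority:ZSP$_" } 1 .. 10;
my @watcher = (\@pix, \@denies, \@ibm, \@errors, \@forbids, \@interfc, \@trans, \@snort, \@prior);

# Flatten the groups into one ordered tag list (group order is significant:
# it fixes the order of tags in the derived table name).
my @spy = map { (my $tag = $_) =~ s/ZSP/ /g; $tag } map { @{$_} } @watcher;

# Tags are matched case-insensitively and literally; the original interpolated
# them as raw regex, so "." and ":" had regex meaning.
my @spy_re = map { qr/\Q$_\E/i } @spy;

# Database credentials.  The original hard-codes root with an empty password;
# the defaults are kept, but PIXTER_DB_USER / PIXTER_DB_PASS override them so
# a real deployment does not have to run the writer as root.
my $db_user = defined $ENV{PIXTER_DB_USER} ? $ENV{PIXTER_DB_USER} : 'root';
my $db_pass = defined $ENV{PIXTER_DB_PASS} ? $ENV{PIXTER_DB_PASS} : '';

# RaiseError stays off: a failed statement is reported by PrintError and the
# line is skipped, matching the original's "keep going" behaviour.
my $dbh = DBI->connect('DBI:mysql:pixter', $db_user, $db_pass,
    { PrintError => 1, RaiseError => 0 });
my $cnct = $dbh ? "$green YES $white" : "$red NO $white";

print "$cyan VERSION 1.4b \n";
print "AUTHOR: Justin R Carlson\n";
print "Database Linked with Application -$cnct \n";
if (!$dbh) {
    print "\n $yellow CAUTION: $red THE DATABASE IS NOT LINKED, NOTHING FOR THIS SESSION WILL BE SAVED $white \n";
    print "\n $yellow CAUTION: $red DATABASE NOT READY, NOT ACTIVE, or Dead. \n$white \n";
}

print "\n " . scalar(@spy) . " total tags \n $white";

# Every tag table has the same shape: an id plus 25 CHAR(255) token columns.
my $max_cols    = 25;
my @log_cols    = map { "log$_" } 1 .. $max_cols;
my $create_cols = join ', ', map { "$_ CHAR (255) not null" } @log_cols;
my $col_list    = join ',', @log_cols;
my $placeholders = join ',', ('?') x $max_cols;

LINE: while (my $line = <>) {
    my @hits = map { $spy[$_] } grep { $line =~ $spy_re[$_] } 0 .. $#spy;
    next LINE unless @hits;

    # Without a database link the line is tagged but not stored.
    next LINE unless $dbh;

    my $table  = table_name(@hits);
    my $qtable = $dbh->quote_identifier($table);

    # NOTE(review): MySQL limits identifiers to 64 characters; a line hitting
    # many tags can still produce a name that is too long and the CREATE will
    # fail (and be reported) for that line, as in the original.
    my $create = "CREATE TABLE IF NOT EXISTS $qtable "
               . "(id INT (100) not null AUTO_INCREMENT, $create_cols, PRIMARY KEY (id))";
    my $sth = $dbh->prepare_cached($create) or next LINE;
    my $ok  = $sth->execute();
    $sth->finish();
    next LINE unless $ok;

    # Fewer than three whitespace-separated tokens: store the whole line in
    # log1 (trailing newline removed); otherwise one token per column, with
    # anything past the 25th column dropped and missing columns left empty.
    my @values = row_values($line, $max_cols);

    my $insert = "INSERT INTO $qtable ($col_list) VALUES ($placeholders)";
    my $ins = $dbh->prepare_cached($insert) or next LINE;
    $ins->execute(@values);
    $ins->finish();
}

# Derive the table name from the matching tags, reproducing the original's
# substitution sequence: join tags, drop commas and slashes, turn spaces,
# colons and dots into underscores, then collapse runs of underscores.
sub table_name {
    my @tags = @_;
    my $name = join '', map { " $_," } @tags;
    $name =~ s/,//g;
    $name =~ s/ /_/g;
    $name =~ s{/}{}g;
    $name =~ s/:/_/g;
    $name =~ s/\./_/g;
    $name =~ s/___/_/g;
    $name =~ s/__/_/g;
    return $name;
}

# Split one log line into exactly $ncols column values for the INSERT.
# Every value is clipped to the CHAR(255) column width so strict-mode MySQL
# does not reject long lines.
sub row_values {
    my ($line, $ncols) = @_;
    my @fields = split ' ', $line;
    my @values;
    if (@fields < 3) {
        (my $whole = $line) =~ s/\r?\n\z//;
        @values = ($whole, ('') x ($ncols - 1));
    }
    else {
        @values = map { defined $fields[$_] ? $fields[$_] : '' } 0 .. $ncols - 1;
    }
    return map { substr($_, 0, 255) } @values;
}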