#!/usr/bin/perl # tell the web browser we're going to send it HTML text it needs to process # instead of plain text which it can display without processing print "Content-Type: text/html\n\n"; # variables $debug = 0; $linenumber = 0; $error = 0; # Version history # 1.0.0 Original program written # 1.1.0 Changed the output to HTML 4.01 compliant # 2.0.0 Changed the IP addresses to 4 sets of 3 numbers for ease of readability # 2.1.0 Added the ability of checking whois to the IP addresses with a single click # 2.1.1 Added comments and version number for addition to the CPAN archives # 2.1.2 Added better error handling # 2.2.0 changed the local net address selection and added both local net selections. # $version = "GetLog version 2.2.0"; # The location of an apache log file in the following format # # 10.0.1.1 - - [15/Jan/2005:01:09:18 -0500] "GET /cgi-bin/getagentlog.cgi HTTP/1.1" 200 59734 # $mylogfilename = "/private/var/log/httpd/access_log"; $mytitle = "Access log"; # Create an error message if ($debug == 1) { $errormessage = join( "", "

Cannot open the access logs.
\n", $mylogfilename, "

\n\n"); } else { $errormessage = "\n\n

Cannot open the log file.

\n\n\n"; } # print a HTML header for the display print "\n"; print "\n"; print "\n"; print " ",$mytitle," \n"; print " \n"; print " \n"; print "\n"; print "\n"; print "\n\n\n\n
\n"; print "

",$mytitle,"

\n"; print "

",$version,"

\n"; print "
\n

line number - IP address - date/time - method - file - protocol - result code - bytes served

\n"; print "
    Result codes\n"; print "
  • 200 - file found and served
    • \n"; print "
  • 302 - file moved
    • \n"; print "
  • 304 - file has not changed
    • \n"; print "
  • 404 - file not found
    • \n"; print "
  • 500 - file access error, somebody tried to access a file outside the web server folder.
    • \n"; print "
\n"; print "
\n\n\n"; # Open up the log file open(LOGFILE, $mylogfilename) or $error = 1; if ($error == 1) { print $errormessage; } else { # get the data @data = ; foreach $line(@data) { # get rid of the overload logs that Apache cannot filter out if (($line =~ m/^.*\"SEARCH.*\"/) or ($line =~ m/^.*\"CONNECT.*\"/)) { } else { # filter out the local net addresses (10.0.1.x and 192.168.1.x) if (($line =~ m/^10\D0\D1\D*/) or ($line =~ m/^192\D168\D1\D*/)) { } else { # convert the numbers into 3 digits each for easier readability # match first number in ip address if ($line =~ m/^\d\D/) { $first = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $first = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $first = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match second number in ip address if ($line =~ m/^\d\D/) { $second = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $second = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $second = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match third number in ip address if ($line =~ m/^\d\D/) { $third = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $third = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $third = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # match fourth number in ip address if ($line =~ m/^\d\D/) { $fourth = join("","00",substr($line,0,1)); $line =~ s/^\d\D//; } elsif ($line =~ m/^\d\d\D/) { $fourth = join("","0",substr($line,0,2)); $line =~ s/^\d\d\D//; } else { $fourth = substr ($line,0,3); $line =~ s/^\d\d\d\D//; }; # convert the IP back into 4 digits $ip = join(".", $first, $second, $third, $fourth); # The URL of the whois server query $whois = join("", "http://ws.arin.net/cgi-bin/whois.pl?queryinput=", $ip); $linenumber++; $line =~ s/\n//; print "

",$linenumber,": ",$ip," ",$line,"

\n"; }; }; }; close(LOGFILE); if ($linenumber == 0) { print "

No log entries at this time. The log has just been freshly cleaned.

\n"; }; }; # print the HTML footer print "\n\n
\n"; print "

The End

\n
\n"; print "
\n"; print "\n",; print "\n\n"; exit 0 ;