#!/usr/bin/perl
## $Id: fwtk-summ,v 1.8 1997/02/10 12:42:34 mi2itmwx Exp $
## ========================================================================
## fwtk-summ -- Summarise FWTK logs
## Author          : Mike Williams <mikew@pemail.net>
## ========================================================================

#=== Config ===============================================================

$top_max = 20;			# row limit for the "Top N" tables only (HTTP
				# destinations, SMTP clients/senders/recipients);
				# the per-host usage tables are never truncated

#=== Report printing routines =============================================

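# kB -- convert a byte count to whole kilobytes (truncating, 1 kB = 1024 B).
#   $bytes : number of bytes; undef/empty is treated as 0 so a host with no
#            recorded traffic prints as 0 instead of an uninitialized value.
# The parameter is a lexical: the original `local` dynamically overrode the
# package global $bytes that the parse loop also assigns, which is needless
# coupling for a pure helper.
sub kB {
    my ($bytes) = @_;
    return int( ($bytes || 0) / 1024 );
}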

#=== Collect stats ========================================================

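while (<>) {

    # Every field extracted below comes straight out of the gateway logs:
    # remote host names/addresses, HTTP destinations, SMTP envelope
    # addresses, deny reasons and raw authsrv messages.  They are printed
    # into the report verbatim, and several are also joined into composite
    # hash keys with $; ("\034") that are split again when reporting.
    # Strip ASCII control characters (0x00-0x1f except TAB and LF, plus
    # DEL) up front so that a crafted field can neither smuggle terminal
    # escape sequences into the report nor inject a "\034" that would
    # corrupt a composite key.  LF is kept because the authsrv branch
    # stores whole lines.  NOTE(review): bytes >= 0x80 pass through.
    tr/\x00-\x08\x0b-\x1f\x7f//d;

    if (/ (\S+)\[\d+\]: deny host=(\S+) (.*)/) {

	# Rejected connection, keyed by (service, host, reason).
	$deny_by_reason{$1,$2,$3}++;

    } elsif (/ tn-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=\S+/) {

	# TELNET proxy session ended: count it and add its byte totals.
	my ($host, $in, $out) = ($1, $2, $3);
	$tn_connect++;
	$tn_connect_by_host{$host}++;
	$tn_in  += $in;
	$tn_out += $out;
	$tn_in_by_host{$host}  += $in;
	$tn_out_by_host{$host} += $out;

    } elsif (/ ftp-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=\S+/) {

	# FTP proxy session ended.
	my ($host, $in, $out) = ($1, $2, $3);
	$ftp_connect++;
	$ftp_connect_by_host{$host}++;
	$ftp_in  += $in;
	$ftp_out += $out;
	$ftp_in_by_host{$host}  += $in;
	$ftp_out_by_host{$host} += $out;

    } elsif (/ http-gw\[\d+\]: exit host=(\S+).* in=(\S+) out=(\S+) user=\S+/) {

	# HTTP proxy session ended.
	my ($host, $in, $out) = ($1, $2, $3);
	$http_connect++;
	$http_connect_by_host{$host}++;
	$http_in  += $in;
	$http_out += $out;
	$http_in_by_host{$host}  += $in;
	$http_out_by_host{$host} += $out;

    } elsif (/ http-gw\[\d+\]: log .* cmd=get dest=([^ :]+)/) {

	# Individual GET, counted per destination host (port stripped).
	$http_gets_by_dest{$1}++;

    } elsif (/ plug-gw\[\d+\]: disconnect host=(\S+) destination=(\S+) in=(\S+) out=(\S+) duration=(\S+)/) {

	# Generic plug-gw circuit closed; keyed by (host, destination).
	my ($host, $dest, $in, $out, $secs) = ($1, $2, $3, $4, $5);
	$plug_connect++;
	$plug_in   += $in;
	$plug_out  += $out;
	$plug_time += $secs;
	$plug_connect_by_plug{$host,$dest}++;
	$plug_in_by_plug{$host,$dest}   += $in;
	$plug_out_by_plug{$host,$dest}  += $out;
	$plug_time_by_plug{$host,$dest} += $secs;

    } elsif (/ authsrv\[\d+\]: /) {

	if (/: AUTHENTICATE (\S+)/) {
	    # Successful authentication.
	    $auth_user{$1}++;
	    $auth_okay{$1}++;
	} elsif (/: BADAUTH (\S+)/) {
	    # Failed authentication.
	    $auth_user{$1}++;
	    $auth_bad{$1}++;
	} elsif (!/LIST/) {
	    # Any other authsrv message except LIST output is kept
	    # verbatim, minus the syslog prefix, for the management report.
	    s/.* authsrv\[\d+\]: //;
	    $authops .= $_;
	}

    } elsif (my ($host, $bytes, $from, $to) =
	     / smap\[\d+\]: host=(\S+) bytes=(\S+) from=(\S+) to=(\S+)/) {

	# Mail accepted by smap; addresses are folded to lower case so
	# differently-cased spellings of one mailbox aggregate together.
	$from =~ tr/A-Z/a-z/;
	$to =~ tr/A-Z/a-z/;

	$smap_messages++;
	$smap_messages_by_host{$host}++;
	$smap_messages_by_sender{$from}++;
	$smap_messages_by_recipient{$to}++;
	$smap_bytes += $bytes;
	$smap_bytes_by_host{$host} += $bytes;
	$smap_bytes_by_sender{$from} += $bytes;
	$smap_bytes_by_recipient{$to} += $bytes;

    } elsif (/ netacl\[\d+\]: permit host=(\S+) service=(\S+) /) {

	# Accepted netacl connection, keyed by (service, host).
	$netacl_by_service_and_host{$2,$1}++;

    }

}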

#=== Authentication management ============================================

if ($authops) {

    # Raw authsrv messages other than AUTHENTICATE/BADAUTH/LIST, gathered
    # verbatim by the parse loop; each entry already ends with a newline.
    my $heading = <<EOF;

** Authentication Management Operations
Message
-------
EOF
    print $heading, $authops;

}

#=== Authentications ======================================================

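if (keys %auth_user) {

    # One row per user seen in an AUTHENTICATE or BADAUTH record.  A user
    # may be present in only one of %auth_okay / %auth_bad, so the missing
    # counter is defaulted to 0 rather than formatting an undefined value.
    print <<EOF;

** User Authentications
User         Okay  Bad
----	     ----  ---
EOF

    for my $user (sort keys %auth_user) {
	printf( "%-12s %4d %4d\n",
	       $user, $auth_okay{$user} || 0, $auth_bad{$user} || 0 );
    }

}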

#=== Rejected connections =================================================

if (keys %deny_by_reason) {

    print <<EOF;

*** Rejected connections
Tries  Service  Host/Address			     Reason
-----  -------  ------------		     	     ------
EOF

    # Keys were built as "$service$;$host$;$reason"; unpack in that order.
    # A plain string sort therefore groups rows by service, then host.
    for my $entry (sort keys %deny_by_reason) {
	my ($svc, $addr, $why) = split( $;, $entry );
	printf( "%5d  %-8s %-36s %s\n",
	       $deny_by_reason{$entry}, $svc, $addr, $why );
    }

}

#=== TELNET usage =========================================================

if (keys %tn_connect_by_host) {

    print <<EOF;

*** TELNET usage
Connects  In(kB) Out(kB)  Host/Address
--------  ------ -------  ------------
EOF

    # Busiest hosts first; ties broken by name so the output is stable.
    my @hosts = sort {
	$tn_connect_by_host{$b} <=> $tn_connect_by_host{$a}
	    or $a cmp $b
    } keys %tn_connect_by_host;

    for my $h (@hosts) {
	printf( "%8d %7d %7d  %-40s\n",
	       $tn_connect_by_host{$h},
	       kB( $tn_in_by_host{$h} ),
	       kB( $tn_out_by_host{$h} ),
	       $h );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n",
	   $tn_connect, kB($tn_in), kB($tn_out) );

}

#=== FTP usage ============================================================

if (keys %ftp_connect_by_host) {

    print <<EOF;

*** FTP usage
Connects  In(kB) Out(kB)  Host/Address
--------  ------ -------  ------------
EOF

    # Order: most connections first, then by host name for determinism.
    my $by_connects = sub {
	$ftp_connect_by_host{$b} <=> $ftp_connect_by_host{$a} or $a cmp $b
    };

    for my $h (sort $by_connects keys %ftp_connect_by_host) {
	my @row = ( $ftp_connect_by_host{$h},
		    kB( $ftp_in_by_host{$h} ),
		    kB( $ftp_out_by_host{$h} ),
		    $h );
	printf( "%8d %7d %7d  %-40s\n", @row );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n", $ftp_connect, kB($ftp_in), kB($ftp_out) );

}

#=== HTTP usage ===========================================================

if (keys %http_connect_by_host) {

    print <<EOF;

*** HTTP usage
Connects  In(kB) Out(kB)  Host/Address
--------  ------ -------  ------------
EOF

    # Most connections first; equal counts fall back to name order.
    my $busiest_first = sub {
	$http_connect_by_host{$b} <=> $http_connect_by_host{$a} or $a cmp $b
    };

    for my $h (sort $busiest_first keys %http_connect_by_host) {
	printf( "%8d %7d %7d  %-40s\n",
	       $http_connect_by_host{$h},
	       kB( $http_in_by_host{$h} ),
	       kB( $http_out_by_host{$h} ),
	       $h );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n",
	   $http_connect, kB($http_in), kB($http_out) );

}

if (keys %http_gets_by_dest) {

    print <<EOF;

*** Top $top_max HTTP destinations
    Gets  Host/Address
    ----  ------------
EOF

    my @dests = sort {
	$http_gets_by_dest{$b} <=> $http_gets_by_dest{$a} or $a cmp $b
    } keys %http_gets_by_dest;

    # Only the first $top_max destinations are listed.
    for my $i (0 .. $#dests) {
	last if $i >= $top_max;
	printf( "%8d  %-40s\n", $http_gets_by_dest{$dests[$i]}, $dests[$i] );
    }

}

#=== PLUG-GW usage ========================================================

if (keys %plug_connect_by_plug) {

    print <<EOF;

*** PLUG-GW usage
Connects  In(kB) Out(kB)  To/From
--------  ------ -------  ----------
EOF

    # Keys are "$host$;$destination"; most-used plugs first, then by key.
    my @plugs = sort {
	$plug_connect_by_plug{$b} <=> $plug_connect_by_plug{$a} or $a cmp $b
    } keys %plug_connect_by_plug;

    for my $key (@plugs) {
	my ($client, $dest) = split( $;, $key );
	# Destination goes on the stats row, the host= field beneath it.
	printf( "%8d %7d %7d  %s\n",
	       $plug_connect_by_plug{$key},
	       kB( $plug_in_by_plug{$key} ),
	       kB( $plug_out_by_plug{$key} ),
	       $dest );
	print( ' ' x 29, $client, "\n" );
    }
    print( ' ' x 26, '=' x 10, "\n" );
    printf( "%8d %7d %7d  TOTAL\n",
	   $plug_connect, kB($plug_in), kB($plug_out) );

}

#=== SMAP usage ===========================================================

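if ($smap_messages) {

    # Three ranked tables built from the same smap records: per client
    # host, per envelope sender and per envelope recipient.  They share
    # the layout and the ordering rule (most messages, then most bytes,
    # then name), so the table itself is produced by print_smap_top;
    # only the client table carries a TOTAL line.
    print_smap_top( "clients", "Host/Address",
		    \%smap_messages_by_host, \%smap_bytes_by_host );
    print( ' ' x 19, '=' x 10, "\n" );
    printf( "%8d %8d  TOTAL\n", $smap_messages, kB($smap_bytes) );

    print_smap_top( "senders", "Sender",
		    \%smap_messages_by_sender, \%smap_bytes_by_sender );

    print_smap_top( "recipients", "Recipient",
		    \%smap_messages_by_recipient, \%smap_bytes_by_recipient );

}

# print_smap_top -- print one "Top $top_max SMTP <what>" table.
#   $what      : noun for the title ("clients", "senders", "recipients")
#   $label     : heading of the name column; underlined to its own length
#   $msgs_ref  : hashref  name => message count
#   $bytes_ref : hashref  name => byte count (shown in kB)
# Rows are ordered by message count, then byte count (both descending),
# then by name; at most $top_max rows are printed.
sub print_smap_top {
    my ($what, $label, $msgs_ref, $bytes_ref) = @_;

    print "\n*** Top $top_max SMTP $what\n";
    print "Messages Thru(kB)  $label\n";
    print "-------- --------  ", '-' x length($label), "\n";

    my @names = sort {
	$msgs_ref->{$b} <=> $msgs_ref->{$a}
	    or $bytes_ref->{$b} <=> $bytes_ref->{$a}
	    or $a cmp $b
    } keys %$msgs_ref;

    for my $i (0 .. $#names) {
	last if $i >= $top_max;
	my $name = $names[$i];
	printf( "%8d %8d  %-60s\n",
	       $msgs_ref->{$name}, kB( $bytes_ref->{$name} ), $name );
    }
}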

#=== Netacl connections =================================================

if (keys %netacl_by_service_and_host) {

    print <<EOF;

*** netacl connections
Connects Service    Host/Address
-------- -------    ------------
EOF

    # Keys are "$service$;$host", so a plain string sort groups by service.
    for my $entry (sort keys %netacl_by_service_and_host) {
	my ($svc, $client) = split( $;, $entry );
	printf( "%8d %-10s %-40s\n",
	       $netacl_by_service_and_host{$entry}, $svc, $client );
    }

}

##=== END of fwtk-summ ====================================================
