Commit b8146431 authored by Cool Fire (HN)

More work on scraper

parent fe993be7
#!/usr/bin/env ruby
require 'date'
# Some configuration parameters
fw_logfile = '/home/coolfire/fw_block.log'
f2b_logfile = '/var/log/fail2ban.log'
iplist = Array.new
# Get the date
date = Date.today.prev_day
day = date.day
month = date.month
year = date.year
fw_date = "#{month}/#{day}/#{year}"
f2b_date = "#{year}-#{month}-#{day}"
# Parse suricata firewall log
fh = File.open(fw_logfile, 'r')
fh.each_line do |line|
# Check if it's a brute force attempt
if(line =~ /brute/i)
# Parse out variables
chunks = line.split(',')
date = chunks[0]
ip = chunks[9]
# Check if line from yesterday
if(date =~ /^#{fw_date}/)
# Check if we have this IP in the list already
if(!iplist.contains?(ip))
iplist.push(ip)
end
end
end
end
fh.close
# Parse Fail2ban log
fh = File.open(f2b_logfile, 'r')
fh.each_line do |line|
# Check if it's a ban action
if(line =~ /Ban /)
# Parse out variables
chunks = line.split(' ')
date = chunks[0]
ip = chunks[6]
end
# Check if line from yesterday
if(date =~ /^#{f2b_date}/)
# Check if we have this IP in the list already
if(!iplist.contains?(ip))
iplist.push(ip)
end
end
end
fh.close
# Process list of agragated IP addresses
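Review bot: `iplist.contains?(ip)` in both loops will raise NoMethodError, because Ruby's Array has `include?` and no `contains?`, so the script stops at the first line that passes the date check. In the Fail2ban loop the `end` after `ip = chunks[6]` closes the `Ban ` check too early, so the date test runs on every line with a `date` left over from an earlier line (both loops also overwrite the outer `date`) and an unset `ip`, which can put `nil` on the list. `f2b_date` is built without zero padding (a constructed example: `2024-3-5`), which will not match the `YYYY-MM-DD` stamps Fail2ban normally writes; `date.strftime('%Y-%m-%d')` avoids that, and `fw_date` probably needs the same check against the firewall log's format. Since the addresses are taken from log fields by position and the closing comment suggests the list is processed further, it is worth confirming each value parses as an address (for example with the stdlib `IPAddr.new`) before adding it.

```ruby
f2b_date = date.strftime('%Y-%m-%d')
# … unchanged: firewall log parsing, with contains? replaced by include? …
# Parse Fail2ban log
File.foreach(f2b_logfile) do |line|
  # Only ban actions carry an address we care about
  next unless line =~ /Ban /
  stamp, ip = line.split(' ').values_at(0, 6)
  # Keep the date test inside the ban check so stale values are never used
  next unless stamp.to_s.start_with?(f2b_date)
  iplist.push(ip) unless ip.nil? || iplist.include?(ip)
end
```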