These are the logtypes files.

Best regards,
-- 
Julien Miotte
Elève ingénieur en 5e année à l'ESIREM (Dijon)
Section InfoTronique,
Spécialité Sécurité et Qualité des Architectures des Réseaux.


(dp0
S'fields'
p1
(dp2
S'SIP'
p3
(I3
S'Source IP'
p4
S'ipv4'
p5
S'sip'
p6
S'$sip'
p7
S''
p8
S'true'
p9
tp10
sS'Proto'
p11
(I2
g8
S'timeline'
p12
S'time'
p13
S'$time'
p14
g8
S'false'
p15
tp16
sS'Time'
p17
(I1
g8
g12
g13
g14
g8
g15
tp18
sS'DPort'
p19
(I6
S'Destination Port'
p20
S'integer'
p21
S'dport'
p22
S'$dport'
p23
g8
g9
tp24
sS'SPort'
p25
(I5
S'Source Port'
p26
g21
S'sport'
p27
S'$sport'
p28
g8
g9
tp29
sS'DIP'
p30
(I4
S'Destination IP'
p31
g5
S'dip'
p32
S'$dip'
p33
g8
g9
tp34
ssS'name'
p35
S'argus'
p36
sS'mapping'
p37
S'\\d+-\\d+-\\d+ 
(\\d+:\\d+:\\d+).\\d+.*(udp|tcp).*(\\d+.\\d+.\\d+.\\d+)\\.(\\d+).*(\\d+.\\d+.\\d+.\\d+)\\.(\\d+).*'
p38
s.
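import pickle

# Builds the Picviz "argus" logtype description and writes it to argus.ltp.
# The .ltp file is a pickle, so whatever loads it (presumably pickle.load on
# the Picviz side) executes what is inside: treat .ltp files as code and only
# ship ones produced by this script.
logtype = {}
fields = {}

logtype['fields'] = fields
logtype['name'] = "argus"
# Regex applied to each argus line; capture group N feeds the field whose
# Position is N below. Raw string so every backslash reaches the consumer
# verbatim (the original non-raw literal only worked because "\d" is an
# unknown escape, which newer Pythons warn about). The dots between the IP
# octets are unescaped and match any character; left as-is so the generated
# file stays identical.
logtype['mapping'] = r"\d+-\d+-\d+ (\d+:\d+:\d+).\d+.*(udp|tcp).*(\d+.\d+.\d+.\d+)\.(\d+).*(\d+.\d+.\d+.\d+)\.(\d+).*"

#                  0           1          2        3                  4               5                  6
# fields[Label]=(Position, Description, Type, Variable picviz, Variable perl, Process post mapping, Relative)

fields['Time'] = (1, "", "timeline", "time", "$time", "", "false")
# NOTE(review): group 2 of the mapping is (udp|tcp), yet this entry is a copy
# of 'Time' (type "timeline", variables "time"/"$time"), so two fields share
# one Perl variable. Kept unchanged; confirm the intended type and variable
# names against the Picviz loader before changing it.
fields['Proto'] = (2, "", "timeline", "time", "$time", "", "false")
fields['SIP'] = (3, "Source IP", "ipv4", "sip", "$sip", "", "true")
fields['DIP'] = (4, "Destination IP", "ipv4", "dip", "$dip", "", "true")
fields['SPort'] = (5, "Source Port", "integer", "sport", "$sport", "", "true")
fields['DPort'] = (6, "Destination Port", "integer", "dport", "$dport", "", "true")

# Binary mode because pickle writes bytes (text mode fails outright on
# Python 3), and an explicit protocol 0 because that is the text format of
# the existing .ltp files, so the reader that handles those handles this one.
# The with-block closes the file; the original never did and relied on
# interpreter exit to flush it.
with open("argus.ltp", "wb") as o:
    pickle.dump(logtype, o, 0)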
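import pickle


def _perl(*lines):
    """Assemble a Perl "post mapping" snippet from (indent, text) pairs.

    Each pair becomes one line: *indent* spaces, *text*, newline. The result
    is the same string the original built with repeated 12*" "+"...\\n"
    concatenation, only readable.
    """
    return "".join(" " * indent + text + "\n" for indent, text in lines)


# Builds the Picviz "dansGuardian" logtype description and writes it to
# dansGuardian.ltp. The file is a pickle, so whatever loads it (presumably
# pickle.load on the Picviz side) executes what is inside: treat .ltp files
# as code and only ship ones produced by this script.
logtype = {}
fields = {}

logtype['fields'] = fields
logtype['name'] = "dansGuardian"
# Comma-separated columns; capture group N feeds the field whose Position is
# N below. Raw string so the backslashes reach the consumer verbatim ("\," is
# a literal comma to the regex engine either way).
logtype['mapping'] = r"^([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)\,([^\,]*)"

#                  0           1          2        3                  4               5                  6
# fields[Label]=(Position, Description, Type, Variable picviz, Variable perl, Process post mapping, Relative)

# Column 5 is Perl that the consumer runs once the mapping regex matched; it
# rewrites the captured variable in place.

# Keep only HH:MM of the timestamp.
fields['Time'] = (1, "Time when the request was done", "timeline", "t", "$time", _perl(
    (12, "# Time process"),
    (12, r"if ($time =~ m/^\S* (\d+:\d+):\d+/) {"),
    (16, "$time=$1;"),
    (12, "}"),
), "false")
# "first.last" logins become "last first"; anything else is kept as the
# last name with an empty first name.
fields['Login'] = (2, "User making the request", "string", "n", "$name", _perl(
    (12, "# Login process"),
    (12, r"if ($name =~ m/(\w*)\.(\w*)/) {"),
    (16, "$first = $1;"),
    (16, "$last = $2;"),
    (12, "}"),
    (12, "else {"),
    (16, "$last=$name;"),
    (16, '$first="";'),
    (12, "}"),
    (12, '$name="$last $first";'),
), "true")
# Reverses the octet order of the address. The original emitted the "if"
# line with 12*"" (no indent at all) — a typo for 12*" "; fixed here, which
# changes only whitespace in the generated Perl. $a and $b are Perl's sort
# variables; harmless in this snippet but worth renaming if it ever grows.
fields['IP'] = (3, "IP address used by the user", "ipv4", "i", "$ipaddr", _perl(
    (12, "# IP process"),
    (12, r"if ($ipaddr =~ m/(\d*)\.(\d*)\.(\d*)\.(\d*)/) {"),
    (16, "$a=$1;"),
    (16, "$b=$2;"),
    (16, "$c=$3;"),
    (16, "$d=$4;"),
    (16, '$ipaddr="$d.$c.$b.$a";'),
    (12, "}"),
), "true")
# Strips the http:// scheme, then keeps only the domain part of the host
# ($machine is computed but the field ends up as $domain).
fields['URL'] = (4, "URL requested by the user", "string", "u", "$url", _perl(
    (12, "# URL process"),
    (12, r"if ($url =~ m/^http:\/\/([\w\.-]*)/) {"),
    (16, "$url=$1;"),
    (12, "}"),
    (12, r"if ($url =~ m/^\w*\.(\w*)$/) {"),
    (16, '$machine="www";'),
    (16, "$domain=$url;"),
    (12, "}"),
    (12, "else {"),
    (16, r"if ($url =~ /\d$/) {"),
    (20, '$machine="";'),
    (20, "$domain=$url;"),
    (16, "}"),
    (16, "else {"),
    (20, r"if ($url =~ /^\w*$/) {"),
    (24, "$domain=$url;"),
    (24, '$machine="";'),
    (20, "}"),
    (20, "else {"),
    (24, r"$url =~ m/^([^\/\.]*)\.(\S*)/;"),
    (24, "$machine=$1;"),
    (24, "$domain=$2;"),
    (20, "}"),
    (16, "}"),
    (12, "}"),
    (12, "$url=$domain;"),
), "true")
fields['HTTP'] = (6, "HTTP method used : PUT or GET", "string", "m", "$method", "", "true")
# NOTE(review): type "int" here versus "integer" in the other logtypes;
# confirm which spelling the loader accepts.
fields['Size'] = (7, "Size of the answer", "int", "s", "$ssize", "", "true")
fields['MIME Type'] = (12, "MIME type : HTML, CSS, ...", "string", "mt", "$mimetype", "", "true")

# Binary mode because pickle writes bytes (text mode fails outright on
# Python 3), and an explicit protocol 0 because that is the text format of
# the existing .ltp files. The with-block closes the file; the original
# never did.
with open("dansGuardian.ltp", "wb") as o:
    pickle.dump(logtype, o, 0)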
(dp0
S'fields'
p1
(dp2
S'MIME Type'
p3
(I12
S'MIME type : HTML, CSS, ...'
p4
S'string'
p5
S'mt'
p6
S'$mimetype'
p7
S''
p8
S'true'
p9
tp10
sS'HTTP'
p11
(I6
S'HTTP method used : PUT or GET'
p12
g5
S'm'
p13
S'$method'
p14
g8
g9
tp15
sS'URL'
p16
(I4
S'URL requested by the user'
p17
g5
S'u'
p18
S'$url'
p19
S'            # URL process\n            if ($url =~ 
m/^http:\\/\\/([\\w\\.-]*)/) {\n                $url=$1;\n            }\n       
     if ($url =~ m/^\\w*\\.(\\w*)$/) {\n                $machine="www";\n       
         $domain=$url;\n            }\n            else {\n                if 
($url =~ /\\d$/) {\n                    $machine="";\n                    
$domain=$url;\n                }\n                else {\n                    
if ($url =~ /^\\w*$/) {\n                        $domain=$url;\n                
        $machine="";\n                    }\n                    else {\n       
                 $url =~ m/^([^\\/\\.]*)\\.(\\S*)/;\n                        
$machine=$1;\n                        $domain=$2;\n                    }\n      
          }\n            }\n            $url=$domain;\n'
p20
g9
tp21
sS'IP'
p22
(I3
S'IP address used by the user'
p23
S'ipv4'
p24
S'i'
p25
S'$ipaddr'
p26
S'            # IP process\nif ($ipaddr =~ 
m/(\\d*)\\.(\\d*)\\.(\\d*)\\.(\\d*)/) {\n                $a=$1;\n               
 $b=$2;\n                $c=$3;\n                $d=$4;\n                
$ipaddr="$d.$c.$b.$a";\n            }\n'
p27
g9
tp28
sS'Time'
p29
(I1
S'Time when the request was done'
p30
S'timeline'
p31
S't'
p32
S'$time'
p33
S'            # Time process\n            if ($time =~ m/^\\S* 
(\\d+:\\d+):\\d+/) {\n                $time=$1;\n            }\n'
p34
S'false'
p35
tp36
sS'Login'
p37
(I2
S'User making the request'
p38
g5
S'n'
p39
S'$name'
p40
S'            # Login process\n            if ($name =~ m/(\\w*)\\.(\\w*)/) {\n 
               $first = $1;\n                $last = $2;\n            }\n       
     else {\n                $last=$name;\n                $first="";\n         
   }\n            $name="$last $first";\n'
p41
g9
tp42
sS'Size'
p43
(I7
S'Size of the answer'
p44
S'int'
p45
S's'
p46
S'$ssize'
p47
g8
g9
tp48
ssS'name'
p49
S'dansGuardian'
p50
sS'mapping'
p51
S'^([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)\\,([^\\,]*)'
p52
s.
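import pickle

# Syslog month abbreviations in calendar order; the generated Perl maps them
# to "01".."12".
_MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
           "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def _perl(*lines):
    """Assemble a Perl "post mapping" snippet from (indent, text) pairs.

    Each pair becomes one line: *indent* spaces, *text*, newline — the same
    string the original built with repeated 8*" "+"...\\n" concatenation.
    """
    return "".join(" " * indent + text + "\n" for indent, text in lines)


def _time_process():
    """Return the Perl snippet that turns the syslog timestamp into a date.

    Two fixes against the original hand-written chain: the month comparison
    uses Perl's string operator ``eq`` (the original ``==`` compares
    numerically, so every branch matched and the month always ended up as
    "12"), and the day is taken from ``$date``, the variable the regex
    actually fills (the original interpolated the never-assigned ``$day``).
    """
    lines = [
        (8, "# Time Process"),
        (8, r"if ($time =~ m/(\w+)  (\d+) (\d+:\d+:\d+)/){"),
        (12, "$month = $1;"),
        (12, "$date  = $2;"),
        (12, "$hour  = $3;"),
    ]
    for number, name in enumerate(_MONTHS, 1):
        lines.append((12, 'if ($month eq "%s") {' % name))
        lines.append((16, '$month = "%02d";' % number))
        lines.append((12, "}"))
    # NOTE(review): the year is hard-coded because the syslog line carries
    # none; logs from any other year get mis-dated.
    lines.append((12, '$time="2008-$month-$date $hour";'))
    lines.append((8, "}"))
    return _perl(*lines)


# Builds the Picviz "iptables" logtype description and writes it to
# iptables.ltp. The file is a pickle, so whatever loads it (presumably
# pickle.load on the Picviz side) executes what is inside: treat .ltp files
# as code and only ship ones produced by this script.
logtype = {}
fields = {}

logtype['fields'] = fields
logtype['name'] = "iptables"
# Regex applied to each syslog line; capture group N feeds the field whose
# Position is N below. Raw string so every backslash reaches the consumer
# verbatim. The dots between IP octets are unescaped and match any
# character; left as-is so the generated file stays identical.
logtype['mapping'] = r"(\w+  \d+ \d+:\d+:\d+) (\w+) (\S+):(.*):.*SRC=(\d+.\d+.\d+.\d+) DST=(\d+.\d+.\d+.\d+) LEN=(\d+).*TTL=(\d+).*SPT=(\d+) DPT=(\d+).*"

#                  0           1          2        3                  4               5                  6
# fields[Label]=(Position, Description, Type, Variable picviz, Variable perl, Process post mapping, Relative)

fields['Time'] = (1, "Time", "timeline", "t", "$time", _time_process(), "false")
fields['Machine'] = (2, "Machine", "string", "machine", "$machine", "", "true")
fields['Log Type'] = (3, "Kernel all the time", "string", "lgt", "$lgt", "", "true")
# NOTE(review): "String" (capital S) differs from the "string" used by every
# other field; confirm the loader treats type names case-insensitively.
fields['Flow'] = (4, "Inbound or Outbound", "String", "flow", "$flow", "", "true")
# NOTE(review): the argus logtype types its addresses "ipv4"; these are
# "string". Left unchanged — which one Picviz wants is not visible here.
fields['SIP'] = (5, "Source IP", "string", "sip", "$sip", "", "true")
fields['DIP'] = (6, "Destination IP", "string", "dip", "$dip", "", "true")
fields['Length'] = (7, "Length", "gold", "len", "$len", "", "true")
fields['TTL'] = (8, "Time to live", "char", "ttl", "$ttl", "", "true")
# NOTE(review): the Perl variable is "$stp" while the picviz name is "spt";
# the two only need to agree within this tuple, so it is left alone.
fields['Sport'] = (9, "Source port", "integer", "spt", "$stp", "", "true")
fields['Dport'] = (10, "Destination port", "integer", "dpt", "$dpt", "", "true")

# Binary mode because pickle writes bytes (text mode fails outright on
# Python 3), and an explicit protocol 0 because that is the text format of
# the existing .ltp files. The with-block closes the file; the original
# never did.
with open("iptables.ltp", "wb") as o:
    pickle.dump(logtype, o, 0)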
(dp0
S'fields'
p1
(dp2
S'SIP'
p3
(I5
S'Source IP'
p4
S'string'
p5
S'sip'
p6
S'$sip'
p7
S''
p8
S'true'
p9
tp10
sS'Log Type'
p11
(I3
S'Kernel all the time'
p12
g5
S'lgt'
p13
S'$lgt'
p14
g8
g9
tp15
sS'TTL'
p16
(I8
S'Time to live'
p17
S'char'
p18
S'ttl'
p19
S'$ttl'
p20
g8
g9
tp21
sS'Flow'
p22
(I4
S'Inbound or Outbound'
p23
S'String'
p24
S'flow'
p25
S'$flow'
p26
g8
g9
tp27
sS'Machine'
p28
(I2
g28
g5
S'machine'
p29
S'$machine'
p30
g8
g9
tp31
sS'Length'
p32
(I7
g32
S'gold'
p33
S'len'
p34
S'$len'
p35
g8
g9
tp36
sS'Time'
p37
(I1
g37
S'timeline'
p38
S't'
p39
S'$time'
p40
S'        # Time Process\n        if ($time =~ m/(\\w+)  (\\d+) 
(\\d+:\\d+:\\d+)/){\n            $month = $1;\n            $date  = $2;\n       
     $hour  = $3;\n            if ($month == "Jan") {\n                $month = 
"01";\n            }\n            if ($month == "Feb") {\n                
$month = "02";\n            }\n            if ($month == "Mar") {\n             
   $month = "03";\n            }\n            if ($month == "Apr") {\n          
      $month = "04";\n            }\n            if ($month == "May") {\n       
         $month = "05";\n            }\n            if ($month == "Jun") {\n    
            $month = "06";\n            }\n            if ($month == "Jul") {\n 
               $month = "07";\n            }\n            if ($month == "Aug") 
{\n                $month = "08";\n            }\n            if ($month == 
"Sep") {\n                $month = "09";\n            }\n            if ($month 
== "Oct") {\n                $month = "10";\n            }\n            if 
($month == "Nov") {\n                $month = "11";\n            }\n            
if ($month == "Dec") {\n                $month = "12";\n            }\n         
   $time="2008-$month-$day $hour";\n        }\n'
p41
S'false'
p42
tp43
sS'Dport'
p44
(I10
S'Destination port'
p45
S'integer'
p46
S'dpt'
p47
S'$dpt'
p48
g8
g9
tp49
sS'Sport'
p50
(I9
S'Source port'
p51
g46
S'spt'
p52
S'$stp'
p53
g8
g9
tp54
sS'DIP'
p55
(I6
S'Destination IP'
p56
g5
S'dip'
p57
S'$dip'
p58
g8
g9
tp59
ssS'name'
p60
S'iptables'
p61
sS'mapping'
p62
S'(\\w+  \\d+ \\d+:\\d+:\\d+) (\\w+) (\\S+):(.*):.*SRC=(\\d+.\\d+.\\d+.\\d+) 
DST=(\\d+.\\d+.\\d+.\\d+) LEN=(\\d+).*TTL=(\\d+).*SPT=(\\d+) DPT=(\\d+).*'
p63
s.