Calomel.org Spamd Stats

#!/usr/bin/perl ############################################ # Calomel.org Spamd Configuration Settings # ############################################ # Path to spamd logfile(s). No "/" after last dir name. Ex. "/var/log". $spamdpath = "/var/www/htdocs"; # Spamd log file (daemon by default) $spamdfile = "/var/log/daemon"; # Path to output html file $spamdhtmlfile = "/var/www/htdocs/calomel_spamd_stats.html"; # Spamd delay is seconds (-s) $spamddelay = 3; ############################## # End Configuration Settings # ############################## #####Begin: define dates ##### @months=("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"); @days=("Sun","Mon","Tue","Wed","Thu","Fri","Sat"); ($sec,$min,$hour,$mday,$mon,$year,$wday)=(localtime(time))[0,1,2,3,4,5,6]; $year=$year+1900; #####End: define dates ##### #####Begin: read spamd file(s) and get totals ##### open(SOURCE, "gzcat -f $spamdfile | sort -u |") or die ("Can't open file! Permissions? UserID? gzcat?"); while( ) { if ((/spamd/) && (/disconnected after/)) { ($dates,$hostname,$daemonandid,$ip,$seconds) = ($_ =~ /(\w+[ ]{1,2}\d+ \d+:.\d:.\d+) (.*) (.*)\: (\d+\.\d+\.\d+\.\d+)\: disconnected after (\d+) seconds/); $totalseconds +=$seconds; $totalspammers++; $line{$ip}{hits}++; $line{$ip}{time} += $seconds; ($date) = ($_ =~ /(\w+[ ]{1,2}\d+ \d+:.\d:.\d+)/); push(@date_array, "$date"); } } close(SOURCE) or die "File didn't close: $!"; if ($totalspammers==0){$totalspammers=1;} #####End: reading spamd file(s) and get totals ##### ##### Begin: calculate, consolidate and put into array ##### my %collectem = (); foreach my $ip (keys %line) { $totalips++; my $hits = $line{$ip}{hits}; my $time = $line{$ip}{time}; my $conn = int(($line{$ip}{time}/$line{$ip}{hits})+0.5); my $phits = int((($line{$ip}{hits}/$totalspammers)*100)+0.4); my $ptime = int((($line{$ip}{time}/$totalseconds)*100)+0.4); push (@arrayem, [$hits,$ip,$time,$conn,$phits,$ptime]); } ##### End: calculate, consolidate and put into array ##### #####Begin: order data by hits, time then ip in decending order ##### sub orderem { $b->[0] <=> $a->[0] or $b->[2] <=> $a->[2] or $b->[1] cmp $a->[1]; } #####End: order data by hits, time then ip in decending order ##### #####Begin: output to HTML ##### open(SPAMDHTMLSTATS, ">$spamdhtmlfile") or die ("Can't create file"); print SPAMDHTMLSTATS "Calomel.org Spamd Stats

\n"; print SPAMDHTMLSTATS "Calomel.org Spamd Stats on $hostname
\n"; print SPAMDHTMLSTATS "Script run on: $days[$wday] $months[$mon] $mday $year at $hour:$min"; printf SPAMDHTMLSTATS (" in %4.0f second(s)
\n",time-$^T); print SPAMDHTMLSTATS "Data Range: $date_array[0] to $date_array[-1]

\n"; printf SPAMDHTMLSTATS ("Time spammers wasted: %4.2f hours
\n",$totalseconds/3600); printf SPAMDHTMLSTATS ("Total bandwith used: %4.2f megabytes
\n",($totalseconds/$spamddelay*80.606/1000000)); printf SPAMDHTMLSTATS ("Average time per tarpit: %4.2f minutes
\n",($totalseconds/$totalspammers)/60); print SPAMDHTMLSTATS "Unique ip addresses tarpitted: $totalips
\n"; print SPAMDHTMLSTATS "Total connections made: $totalspammers

\n"; print SPAMDHTMLSTATS "\n\n"; print SPAMDHTMLSTATS ""; print SPAMDHTMLSTATS ""; print SPAMDHTMLSTATS ""; @sortem = sort orderem @arrayem; foreach $thingy (@sortem) { print SPAMDHTMLSTATS ""; } print SPAMDHTMLSTATS ""; close(SPAMDHTMLSTATS); #####End: output to HTML #####

Tarpits	Source IP	Time (s)	Ave Sec/Tarpit	% of Tarpits	% of Time
$thingy->[0]	$thingy->[1]	$thingy->[2]	$thingy->[3]	$thingy->[4]	$thingy->[5]