##########################################################################
# $Id: windows,v 1.1 2006/03/22 17:46:22 bjorn Exp $
##########################################################################
# $Log: windows,v $
# Revision 1.1 2006/03/22 17:46:22 bjorn
# Initial commit. Files submitted by William Roumier.
#
##########################################################################
# This was written and is maintained by:
# William Roumier <w.roumier@hotmail.fr>
#
# Please send all comments, suggestions, bug reports,
# etc, to logwatch-devel@logwatch.org
##########################################################################
use Logwatch ':all';
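#$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

# Collect failed Windows logins from the log lines arriving on STDIN.
#
# A line counts as a failed login when it carries 0x18 as a whole token
# (presumably the Kerberos pre-authentication failure code -- confirm against
# the event format that is being forwarded).  Every other line is ignored;
# no other event type is reported yet.
#
# Result: $LoginFail{domain}{user}{source} = number of matching lines.
#
# NOTE(review): user, domain and source are read from fixed positions
# (fields 14, 22 and 33 after splitting on single spaces).  The user name is
# chosen by whoever attempted the login, so a name that contains a space
# shifts every later field and the hit is attributed to the wrong domain and
# source.  Treat the report as a hint and confirm against the raw event.
my %LoginFail;
while (defined(my $line = <STDIN>)) {
    # \b stops longer hex values that merely begin with 0x18 from being
    # counted as login failures.
    next unless $line =~ /\b0x18\b/;

    chomp $line;
    my @fields = split(/ /, $line);
    my ($name, $domain, $fip) = @fields[14, 22, 33];

    for my $value ($name, $domain, $fip) {
        # A short line still counts; it is filed under an empty key
        # instead of an undefined one.
        $value = '' unless defined $value;
        # These strings come from the client side of the login attempt;
        # keep control characters out of the mailed/terminal report.
        $value =~ tr/\x00-\x1f\x7f/?/;
    }

    $LoginFail{$domain}{$name}{$fip}++;
}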
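# Print the failed-login summary grouped by domain, then user, then source.
#
# Keys are sorted at every level so that two runs over the same log produce
# the same report, which makes day-to-day comparison possible.
#
# NOTE(review): domain, user and source are taken from the log lines and are
# influenced by whoever attempted the login; read them as claims, not facts.
# LookupIP is imported from Logwatch; whether it resolves the address to a
# name is decided there, not in this script.
if (keys %LoginFail) {
    print "\n\tWindows failed Logins:\n";
    foreach my $LDomain (sort keys %LoginFail) {
        print "\nDOMAIN: " . $LDomain . ":\n";
        my $users = $LoginFail{$LDomain};
        foreach my $LName (sort keys %{$users}) {
            print "\tName: " . $LName . "\n ";
            my $sources = $users->{$LName};
            foreach my $LFip (sort keys %{$sources}) {
                print "\t\tFrom :" . LookupIP($LFip) . "\t " . $sources->{$LFip} . " Time(s)\n";
            }
            print "\n";
        }
    }
}
exit(0);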