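#!/usr/local/bin/tclsh
# $Id: ssth.tcl,v 1.4 2003/09/23 15:38:45 robroy Exp robroy $
#---------------------------------------------------------------------
# ssTopHosts: ssth.tcl
#
# ssTopHosts reads the output of a SunScreen 3.2 log dump and gives
# you a list of the top offenders -- the remote machines that have
# initiated the highest numbers of blocked events.
#
# For now, create the log dump that this program reads on the Sun
# machine with the following command:
#
#   ssadm log get | ssadm logdump -i - > ss.log
#
# Usage: ssth.tcl ?logfile?      (logfile defaults to ss.log)
#
# Copyright Robroy Gregg, Computer Consultant 2010.  All rights reserved.
#---------------------------------------------------------------------

# Hosts with fewer blocked events than this are left out of the report.
set minAttempts 10
# Maximum number of rows printed in the final table.
set maxShown 15

# The dump is read from ss.log unless a path is given on the command line.
set logPath ss.log
if {[info exists argv] && [llength $argv] > 0} {
    set logPath [lindex $argv 0]
}

if {[catch {open $logPath} fileHandle]} {
    puts stderr "ssTopHosts: Could not open file $logPath."
    exit 1
}

#---------------------------------------------------------------------
# Read the SunScreen log file and create an array named "offenders".
# The array contains pairs of hostnames and contact attempts, like
# this:  offenders(host_A) == 110, offenders(host_B) == 29 ...
#
# The array is created empty first so that a dump with no matching
# lines yields an empty report instead of a Tcl error later on.
#
# NOTE(review): the host text is copied verbatim from the log line.
# If the dump contains resolved names rather than addresses, that text
# is chosen by the remote party -- confirm, and consider filtering
# non-printable characters before the report is shown on a terminal
# or passed to another tool.  The capture is also greedy, so a line
# holding more than one " ->" is matched up to the last one.
#---------------------------------------------------------------------
array set offenders {}
while {[gets $fileHandle line] != -1} {
    # Only lines carrying the "256:" marker are counted; what that
    # marker denotes in a SunScreen dump is not documented here.
    if {[regexp {256:.*\.[0-9]+ (.*) ->} $line notUsed host]} {
        if {[info exists offenders($host)]} {
            incr offenders($host)
        } else {
            set offenders($host) 1
        }
    }
}
catch {close $fileHandle}

#---------------------------------------------------------------------
# Create a list called topOffenders holding one {host attempts} pair
# per offender that reached minAttempts, ordered from most attempts
# to least.
#
# Each offender is entered exactly once.  (Seeding the list with an
# arbitrary array element, as earlier revisions did, listed that host
# twice and could place a host below the threshold in the report.)
# Array iteration order is unspecified, so the order among hosts with
# equal counts carries no meaning.
#---------------------------------------------------------------------
set qualifying {}
foreach {host attempts} [array get offenders] {
    if {$attempts < $minAttempts} {continue}
    # One progress dot per qualifying host.
    puts -nonewline .; flush stdout
    lappend qualifying [list $host $attempts]
}
set topOffenders [lsort -integer -decreasing -index 1 $qualifying]

#---------------------------------------------------------------------
# Print out the top offenders: at most maxShown rows, and fewer when
# fewer hosts qualified, so a short list no longer ends in an error.
#---------------------------------------------------------------------
puts {}
puts [format "%-42s %-20s" Host "Contact attempts"]
puts --------------------------------------------------------------
foreach entry [lrange $topOffenders 0 [expr {$maxShown - 1}]] {
    puts [format "%-48s %10d" [lindex $entry 0] [lindex $entry 1]]
}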