#!/usr/bin/perl
#
#
# Set behaviour
$log="/var/log/cisco.log";
$ntop=10;
#
chomp ($sig=$ARGV[0]);
if ($sig eq "") { $sig=".*"};
   
open(LOG , "<$log") or die;
while (<LOG>) {
 if (/SIGNATURE: Sig:$sig Subsig:$subsig Sev:$sev $message \[([0-9.]+):([0-9]+)\s*->\s*([0-9.]+)([0-9]+)\] /)
{ 
   $x=$6;
   $srca{$2}+=$x;
   $foo=sprintf("%16s  -> %16s  %3s port %-6s",$2,$4,$1,$5);
   $moo=sprintf("%3s port %-6s",$1,$5);
   $quad{$foo}+=$x;
   $port{$moo}+=$x;
 }
}
$n=0;
printf ("Connection Summary:\n");
foreach $i (sort { $quad{$b} <=> $quad{$a} } keys %quad) {
   if ($n++ >= $ntop) { last };
   printf ("%6s:%s\n", $quad{$i},$i);
}
$n=0;
printf ("\nDestination Port Summary:\n");
foreach $i ( sort { $port{$b} <=> $port{$a} } keys %port) {
   if ($n++ >= $ntop) { last };
   printf ("%6s: %s\n", $port{$i},$i);
}
$n=0;
printf ("\nSource Address Summary:\n");
foreach $i ( sort { $srca{$b} <=> $srca{$a} } keys %srca) {
   if ($n++ >= $ntop) { last };
   printf ("%6s: %s\n", $srca{$i},$i);
}