On 10/04/2010 06:25 PM, pf at alt-ctrl-del.org wrote:
On 10/04/2010 02:48 PM, pf at alt-ctrl-del.org wrote:
Are there any existing scripts out there, that report connection counts by cidr
network?
Input:?
parse.pl /var/log/mail cidr_list.zone
Output:?
network count
10.10.128.0/19 983
10.144.48.0/20 121
On 10/04/2010 4:52 PM, Michael Orlitzky wrote:
What's in that cidr_list.zone file?
pf at alt-ctrl-del.org wrote:
Simple list of cidr format networks, one per line.
Either a hand crafted list, or a full country .zone file from
http://ipdeny.com/ipblocks/
On 10/04/2010, Michael Orlitzky wrote:
This should work, although the standard disclaimers apply:
1. There's no error checking.
2. The regular expression for connections might not be correct.
3. It's slow.
4. I don't actually know Perl.
[snip]
Great!
By saving one version with:
if ($line =~ ' connect from .*\[([\d\.]+?)\]') {
And another with:
if ($line =~ 'smtpd.*client=.*\[([\d\.]+?)\]') {
I can compare attempts vs success, from specific networks.
