Re: Counting IP address in firewall log
- From: "TDM" <tdm3 at verizon.net>
- Date: Sat, 22 Oct 2005 08:18:07 -0700
"Duane" <duanecu@xxxxxxxxx> wrote in message
news:1129827136.737884.171570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I've been reading posts in the group about how to count the IP
> addresses. But they all use a database. Isn't there a way to just use a
> multidemsional array?
>
> I've made the code to just gather the IPs into a single demensional
> array, but I cann't figure out what to do next to count each unique IP.
> Here is my code so far:
> ===========================
> Option Explicit
> Const ForReading = 1, ForWriting = 2, ForAppending = 8
> Dim objFSO, objFWFile, arrLine, i
> Dim arrIPList()
> i = 0
>
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFWFile = objFSO.OpenTextFile("pfirewall.log", ForReading)
>
> Do While Not objFWFile.AtEndOfStream
> arrLine = Split(objFWFile.ReadLine, " ")
> If UBound(arrLine) > 3 Then
> If StrComp(arrLine(2), "DROP") = 0 Then
> ReDim arrIPList(i)
> arrIPList(i) = arrLine(4)
> i = i + 1
> End If
> End If
> Loop
> objFWFile.Close
>
> ReDim arrIPComb(UBound(arrIPList, 1), 1)
>
> ==============================
> You'll see above that I was gonna use arrIPComb() as a two demensional
> array to store the IP in the first column, and the count in the second
> column.
>
> I think this would be a handy tool for network admin for tracking down
> spyware and viri on a network.
>
Duane,
I added a bit to your code, made some guesses about the file format
since I do not have access to it. In short, I sorted the array, then counted
duplicates, and then stuffed in to a 2 dim array as you state. Sadly, you
can
only ReDim the last dimension in a multidimensional array(so the doc says).
I also did a REAL cheesy sort using JS for no particular reason then to see
if it was easier/better then a VBS sort, not sure it is. You can find VBS
sort
routines in google, a dime a dozen. This is a WSF format only soi I could
use the JS. Nuke the WSF stuff and find your won sort routine and it should
work.
<job id="GetFireWallInfo">
<script language="JScript" src="sortArry.js"></script>
<script language="VBScript">
Option Explicit
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Dim objFSO, objFWFile, arrLine, i, x, z, ary, aryJs
Dim arrIPList(), aryNew, aryFinal(128, 2)
i = 0
x = 1
z = 0
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFWFile = objFSO.OpenTextFile("pfirewall.log", ForReading)
Do While Not objFWFile.AtEndOfStream
arrLine = Split(objFWFile.ReadLine, " ")
If UBound(arrLine) > 3 Then
If StrComp(arrLine(2), "DROP") = 0 Then
ReDim Preserve arrIPList(i)
arrIPList(i) = arrLine(4)
WScript.Echo "adding : " & arrLine(4)
i = i + 1
End If
End If
Loop
objFWFile.Close
aryJs = sortArry(arrIPList)
aryNew = Split(aryJs, ",", -1, 1)
For i = 0 To UBound(aryNew) - 1
If aryNew(i) = aryNew(i + 1) Then
x = x + 1
Else
aryFinal(z, 1) = aryNew(i)
aryFinal(z, 2) = x
z = z + 1
x = 0
End If
Next
For x = 0 To UBound(aryFinal)
If aryFinal(x , 1) <> "" Then WScript.Echo aryFinal(x, 1) & ":" &
aryFinal(x, 2)
Next
WScript.Echo "Done .."
</script>
</job>
Here is the cheesy JS sort if you want it. I was just playin around ....
function sortArry(ary) {
var i;
var rtn;
var vbAry = new VBArray(ary);
var jsAry = vbAry.toArray();
rtn = jsAry.sort();
return rtn;
}
TDM
.
- Follow-Ups:
- Re: Counting IP address in firewall log
- From: ekkehard.horner
- Re: Counting IP address in firewall log
- References:
- Counting IP address in firewall log
- From: Duane
- Counting IP address in firewall log
- Prev by Date: Determine Laptop vs Workstation?
- Next by Date: event onclick twice
- Previous by thread: Counting IP address in firewall log
- Next by thread: Re: Counting IP address in firewall log
- Index(es):
Relevant Pages
|
