Solved

Can you convert this Perl script to Windows ActivePerl?

Posted on 2004-09-15
Last Modified: 2008-02-01
Hi,

Can you make this perl script run on an XP Pro PC in ActivePerl?

I have ActivePerl installed in C:\Perl
I have Grep installed in C:\Program files\Grep

#!/bin/sh
# cgprologcheck.sh written by Dale LaFountain (dalel at darkhorse dot com)
#   on 2003-07-05, added unknown delivery reporting on 2003-10-22
#
# This script summarizes dns rbl, local bl, unknown delivery attempts,
#   and RFC822 blocks, into a form suitable for mailing to admins.
#
# Simply add this script to root's crontab in an entry like this:
#
# 59 23 * * * /usr/local/etc/cgprologcheck.sh | mail -s "`hostname` CGPro RBL Report"   root 2>&1
#

LOGDIR=/var/CommuniGate/SystemLogs
TODAY=`date +%Y-%m-%d`

cd $LOGDIR
grep " blacklisted" $TODAY*.log > /tmp/cgp$TODAY.log
grep "unknown user account" $TODAY*.log | grep "SMTP" > /tmp/cgpunk$TODAY.log
NUMUNK=`cat /tmp/cgpunk$TODAY.log | wc -l`
NUMMC=`grep "message content" $TODAY*.log | wc -l`
NUMRBL=`cat /tmp/cgp$TODAY.log |  wc -l`
#ORBZBLOCKED=`grep "blacklisted by relays.ordb.org" /tmp/cgp$TODAY.log | wc -l`
#SPAMBLOCKED=`grep "blacklisted by bl.spamcop.net" /tmp/cgp$TODAY.log | wc -l`
#KOREABLOCKED=`grep "blacklisted by korea.services.net" /tmp/cgp$TODAY.log | wc -l`
SBLBLOCKED=`grep "blacklisted by sbl.spamhaus.org" /tmp/cgp$TODAY.log | wc -l`
CBLBLOCKED=`grep "blacklisted by cbl.abuseat.org" /tmp/cgp$TODAY.log | wc -l`
MANBLOCKED=`grep "blacklisted\." /tmp/cgp$TODAY.log | wc -l`
ATTACHBLOCKED=`find /var/CommuniGate/filter/viruses_or_spam -mtime 1 | grep .msg | wc -l`
echo Report for $TODAY
echo
echo "Unknown user account bounces: $NUMUNK"
echo "            by contentfilter: $ATTACHBLOCKED"
echo "            by RFC822 blocks: $NUMMC"
echo
echo "            Total RBL blocks: $NUMRBL"
echo "          local blacklisting: $MANBLOCKED"
echo "         by sbl.spamhaus.org: $SBLBLOCKED"
echo "          by cbl.abuseat.org: $CBLBLOCKED"

#echo            by bl.spamcop.net: $SPAMBLOCKED
#echo           by relays.ordb.org: $ORBZBLOCKED
#echo        by korea.services.net: $KOREABLOCKED
echo
echo
if [ -s /tmp/cgp$TODAY.log ] ; then
echo Top 10 locally blacklisted offenders are:
echo Cnt Host
cat /tmp/cgp$TODAY.log | grep "blacklisted\." | awk -F"\(" '{print $2}' | awk -F"\)" '{print $1}' | sort -n | uniq -c | sort -brn | head  -n 10
echo
echo Top 10 RBL offenders are:
echo Cnt Host
cat /tmp/cgp$TODAY.log | awk -F"\(" '{print $2}' | awk -F"\)" '{print $1}' | sort -n | uniq -c | sort -brn | head  -n 10
echo
echo Top 10 unknown user delivery attempts came from:
echo Cnt Host
cat /tmp/cgpunk$TODAY.log | awk -F"\(" '{print $2}' | awk -F"\)" '{print $1}' | sort -n | uniq -c | sort -brn | head  -n 10
fi
echo
rm /tmp/cgp$TODAY.log /tmp/cgpunk$TODAY.log
0
Question by:docfxit
14 Comments
 
LVL 18

Expert Comment

by:kandura
ID: 12067258
This is a shell script, not a Perl script.
You also need date, cat, find, wc, awk, sort, uniq, head, rm and something to mimic if.
The quickest road to success would be to install Cygwin (www.cygwin.com) so that you have something of a Unix environment available.
0
 

Author Comment

by:docfxit
ID: 12069134
Thanks for the info.  I have installed cygwin.

How do I run the script now?
0
 
LVL 18

Expert Comment

by:kandura
ID: 12069199
Either make it executable with

    chmod +x your_script

and call it with

    ./your_script

or call it with sh:

    sh your_script

Just like in Unix, Linux, etc. :-)
0
 

Author Comment

by:docfxit
ID: 12069377
Hi Kandura,

You are great.  It actually runs.  I'm getting an error saying:
 can't cd to /var/CommuniGate/SystemLogs

So I changed the line:
From
LOGDIR=/var/CommuniGate/SystemLogs
To:
LOGDIR="c:/Program Files/CommuniGate Modified Files/SystemLogs"

cd: can't cd to c:/Program
grep: 2004-09-15*.log: No such file or directory
grep: 2004-09-15*.log: No such file or directory
grep: 2004-09-15*.log: No such file or directory
FIND: Invalid switch
Report for 2004-09-15

Any ideas?

Thanks
0
 
LVL 18

Expert Comment

by:kandura
ID: 12069469
Yes, directories work a little bit differently under Cygwin. It creates its own Unix-like directory structure, so there is a /var somewhere inside where you installed Cygwin.
Cygwin makes some virtual root directories available for devices such as hard disks. Your c: disk should be available under /cygdrive/c, so your log path should be written as

    /cygdrive/c/Program\ Files/CommuniGate\ Modified\ Files/SystemLogs

Also note that you need to escape the spaces in the directory names.
0
 

Author Comment

by:docfxit
ID: 12069984
I tried that.  What I got back is:
 can't cd to /cygdrive/c/Program

I do have
C:\cygwin\var
In var there are no files.  There are the following dirs:
C:\cygwin\var\cache
C:\cygwin\var\log
C:\cygwin\var\run
C:\cygwin\var\tmp

Thanks
0
 
LVL 18

Expert Comment

by:kandura
ID: 12070691
I had it wrong... you don't need to escape the spaces, but you need to quote the variable:

    LOGDIR="/cygdrive/c/Program Files/CommuniGate Modified Files/SystemLogs"
    cd "$LOGDIR"

0
 

Author Comment

by:docfxit
ID: 12070921
I tried:
"/cygdrive/c/Program Files/CommuniGate Modified Files/SystemLogs"
and it gave me:
can't cd to /cygdrive/c/Program
I tried:
"/cygdrive/c/Program\Files/CommuniGate Modified\Files/SystemLogs"
and it gave me:
can't cd to /cygdrive/c/Program\Files/CommuniGate\Modified\Files/SystemLogs

I also tried setting an environment variable for:
Home C:
HomeDrive C:
HomePath C:

After I ran the job I see it changed
HomePath C:
To
HomePath=\Documents and Settings\Console1
0
 
LVL 18

Expert Comment

by:kandura
ID: 12070959
Did you change the line that says

    cd $LOGDIR

to
   
    cd "$LOGDIR"

?
0
 

Author Comment

by:docfxit
ID: 12071236
No I didn't.  You caught me.  My bad   :-(
I just changed it.  That fixed it.            :-)
Yipi !!!!

On to the next errors:

grep: 2004-09-15.log: Device or resource busy
grep: 2004-09-15.log: Device or resource busy
grep: 2004-09-15.log: Device or resource busy
FIND: Invalid switch      

I am guessing it's saying it's busy because the program creating the log file is running.  It will always be running 24hrs a day.  Is there a way to share the file so this script can read it?

Thanks
0
 
LVL 4

Expert Comment

by:divt
ID: 12077001
If you have plenty of space, I suggest you make a copy of the file before doing grep.
0
 

Author Comment

by:docfxit
ID: 12077691
How could I change
$TODAY
To
$TODAY minus one day

So I can see yesterday's log.

Thanks
0
 
LVL 18

Accepted Solution

by:
kandura earned 125 total points
ID: 12195751
    YESTERDAY=`date +%Y-%m-%d -d '-1 day'`

and then use $YESTERDAY
0
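
The fixes from this thread combined in one place, as an added example that is not part of the original posts: quoted expansions so a log directory containing spaces survives word splitting, the logs copied before grep, and the day passed as a parameter so yesterday's date can be used. The function names, the `mktemp` scratch directory and the sample log lines are assumptions constructed for illustration; `yesterday` relies on GNU `date`.

```shell
#!/bin/sh
# Added example, not from the thread. Log lines below are constructed.

# Yesterday as YYYY-MM-DD (GNU date syntax from the accepted answer).
yesterday() { date +%Y-%m-%d -d '-1 day'; }

# Number of words the shell passes after expansion.
count_words() { echo "$#"; }

# summarize_day LOGDIR DAY -> prints "rbl=<n> unknown=<n>"
summarize_day() {
    logdir=$1 day=$2
    # Private scratch directory rather than fixed file names under /tmp.
    work=$(mktemp -d) || return 1
    # Copy first, then grep the copies (suggested in the thread for logs
    # that the mail server still has open).
    for f in "$logdir"/"$day"*.log; do
        if [ -f "$f" ]; then cp "$f" "$work"/; fi
    done
    # "|| true": grep -c prints 0 but exits non-zero when nothing matches.
    rbl=$(cat "$work"/*.log 2>/dev/null | grep -c " blacklisted" || true)
    unk=$(cat "$work"/*.log 2>/dev/null | grep "unknown user account" |
          grep -c "SMTP" || true)
    rm -rf "$work"
    echo "rbl=$rbl unknown=$unk"
}

# demo: build a log directory whose name contains spaces and summarize it.
demo() {
    root=$(mktemp -d) || return 1
    dir="$root/Program Files/CommuniGate Modified Files/SystemLogs"
    mkdir -p "$dir"
    cat > "$dir/2004-09-14.log" <<'EOF'
SMTPI-1(mail.example.net) [192.0.2.10] is blacklisted by sbl.spamhaus.org
SMTPI-2(host.example.org) [192.0.2.20] is blacklisted.
SMTPI-3(relay.example.com) rejected: unknown user account
EOF
    echo "SMTPI-9(x.example) is blacklisted." > "$dir/2004-09-15.log"
    summarize_day "$dir" 2004-09-14
    rm -rf "$root"
}
```

With the thread's path in `LOGDIR`, `count_words $LOGDIR` prints 4 while `count_words "$LOGDIR"` prints 1, which is why the unquoted `cd` only ever saw `/cygdrive/c/Program`.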