Revert "Initial version of logs ranking"

This reverts commit d6bb36646e.
2024-12-22 08:46:01 +00:00 · 2011-05-08 21:25:59 +02:00 · 2011-05-08 21:25:59 +02:00 · 8db6acd5af
commit 8db6acd5af
parent d6bb36646e
2 changed files with 0 additions and 149 deletions
--- a/git/logs-ranking/README.md
+++ b/git/logs-ranking/README.md
@ -1,55 +0,0 @@
 logs-ranking
 ============
 logs-ranking is a simple Perl script to add [BGP security ranking](http://bgpranking.circl.lu/) for
 each IP address seen. The purpose is to ease network security analysis by providing a weight to
 each log entry especially when you have large dataset.
 logs-ranking queries two Whois interface:
 * RIPE RIS interface
 * CIRCL BGP Ranking interface.
 logs-ranking is currently supporting Apache common/combined logs format.
 Usage
 -----
    cat ../logs/www.foo.be-access.log|  perl logs-ranking.pl >www.foo.be-access.log-ranked
 After gathering the BGP security ranking for your logs, it will be prepended to
 the log files with the following format:
 <ASN>,<BGP ranking value in float>,original line
 So you can use whatever tools to sort, merge, cut the ranked logs. For example,
 you can use sort to sort with the higher score value:
    sort -r -g -t"," -k2 myrankedlogfiles.txt
 Software required
 -----------------
 * A recent version of Perl
 * [Net::Whois::RIS](http://search.cpan.org/dist/Net-Whois-RIS/)
 License
 -------
 Copyright (C) 2011 Alexandre Dulaunoy
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
--- a/git/logs-ranking/bin/logs-ranking.pl
+++ b/git/logs-ranking/bin/logs-ranking.pl
@ -1,94 +0,0 @@
 #!/usr/bin/perl
 use strict;
 use Net::Whois::RIS;
 use Socket;
 $| = 1;
 my %iporigin;
 my %ipranking;
 sub BGPRankingLookup {
    my $asn = shift;
    $asn =~ s/AS//g;
    my $bgpranking =
      IO::Socket::INET->new( PeerAddr => "pdns.circl.lu", PeerPort => 43 )
      or die();
    print $bgpranking $asn . "\n";
    my $x;
    while (<$bgpranking>) {
        $x = $x . $_;
    }
    return $x;
    $bgpranking->shutdown();
 }
 sub getASN {
    my $ip = shift;    #or hostname
    if ( !( $ip =~ /^(\d+\.){3}\d+$/ ) ) {
        my $ipn = inet_aton($ip) or next;
        $ip = inet_ntoa($ipn);
    }
    my $l = Net::Whois::RIS->new();
    $l->getIPInfo($ip);
    return $l->getOrigin();
 }
 sub ipExist {
    my $ip = shift;
    if ( exists $iporigin{$ip} ) {
        return 1;
    }
    else {
        return undef;
    }
 }
 sub rankingExist {
    my $ip = shift;
    if ( exists $ipranking{$ip} ) {
        return 1;
    }
    else {
        return undef;
    }
 }
 sub ipAdd {
    my $ip  = shift;
    my $asn = shift;
    $iporigin{$ip} = $asn;
 }
 sub rankingAdd {
    my $ip      = shift;
    my $ranking = shift;
    $ipranking{$ip} = $ranking;
 }
 while (<STDIN>) {
    my $saved = $_;
    my @ipext = split( / /, $_, );
    my $ip    = $ipext[0];
    if ( not ipExist($ip) ) {
        ipAdd( $ip, getASN($ip) );
    }
    if ( not rankingExist($ip) ) {
        my @rankl = split( /,/, BGPRankingLookup( $iporigin{$ip} ) );
        rankingAdd( $ip, $rankl[1] );
    }
    my @rankl = split( /,/, BGPRankingLookup( $iporigin{$ip} ) );
    print $iporigin{$ip} . "," . $ipranking{$ip} . "," . $saved;
 }