SetEnv

Firewall Log Analyzer

6 posts in this topic

#1 ·  Posted (edited)

Hello!

I'm new here, and I began scripting in AutoIt recently...

So, I decided to write a (very) cool log analyzer.

It reads lines from a file and extracts any unknown IP addresses, then sends them to a server (not yet written) for more analysis...

Here's the log analyzer, with some comments...

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         SetEnv

 Script Function:
    Check for unwanted IPs in the firewall log file, and then send the IPs to a server for more analysis.
    If those IPs were found in other users' log files, then the system will try to stop these 'attacks'...
    More Infos: <myemail>
#ce ----------------------------------------------------------------------------

; includes
#Include <File.au3>

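; The startup...
Global $IsConnected = "False", $IsIdent = "False" ; connection state tested in Loop()
TCPStartup() ; TCP functions do nothing until the TCP service is started
Call("ChkConfig")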

; Function
Func StringAddToken($satString, $satItem, $satToken)
    ; Nothing to separate yet: the item becomes the whole string
    If $satString = "" Then Return $satItem
    ; Append the item only if it is not already one of the token-separated entries
    If StringInStr($satToken & $satString & $satToken, $satToken & $satItem & $satToken) = 0 Then $satString &= $satToken & $satItem
    Return $satString
EndFunc ; ==> EndFunc 'StringAddToken($satString, $satItem, $satToken)'

Func Chkconfig()
    If FileExists("config.cfg") == 0 Then 
        TrayTip("ChkConfig", "Error: Config file not found. Exiting.", 2, 3)
        Sleep(2100)
        Exit
    
    Else
        Call("Loop")
    EndIf
EndFunc ; ==> Endfunc 'ChkConfig()'


Func SendData($data)
    TCPSend($ReportSocket, $data) ; '$ReportSocket' is the global socket opened by xConnect()
EndFunc ; ==> EndFunc 'SendData($data)'

Func xConnect()
    Local $ReportServer = StringSplit(StringStripWS(FileRead("servers.lst"), 3), ":") ; 'ip:port'
    If $ReportServer[0] < 2 Then Return ; 'servers.lst' must contain 'ip:port'
    Global $ReportSocket = TCPConnect($ReportServer[1], $ReportServer[2]) ; global, so SendData() can use it
    If $ReportSocket <> -1 Then
        ; need login now...
    EndIf
    ; then if socket successfully created and user (you) logged in, setting global vars '$IsConnected' and '$IsIdent' to "True"
EndFunc

Func Loop()
    TrayTip("Loop", "Running", 2)
    Global $line = IniRead("config.cfg","config", "line", "1"), $path = IniRead("config.cfg", "config", "path", "firewall.log"), $inc = 0
    While 1
        If $line <= _FileCountLines($path) Then ; If var 'line' is less or equal maxlines then
            If $IsConnected == "True" Then ; If the socket is opened...
                If  $IsIdent == "True" Then ; if the client (you) is identified
                
                    Local $read = FileReadLine($path, $line) ; setting '$read' as line readed in '$path'
            
                    ; Changing some chr , for an easier use later.
                    $read = StringReplace($read, "@",":") ;;;; "@" \          ;;;;
                    $read = StringReplace($read, "'",":") ;;;; "'"  |         ;;;;
                    $read = StringReplace($read, '"',':') ;;;; '"'  |         ;;;;
                    $read = StringReplace($read, " ",":") ;;;; " "   > To ":" ;;;;
                    $read = StringReplace($read, "<",":") ;;;; "<"  |         ;;;;
                    $read = StringReplace($read, ">",":") ;;;; ">"  |         ;;;;
                    $read = StringReplace($read, "|",":") ;;;; "|" /          ;;;;
                
                    ; splitting '$stringSplit' with chr ':' AND setting '$stringDec' at total splitted items AND creating var '$stringitem' to null
                    Local $stringsplit = StringSplit($read,":"), $stringDec = $stringsplit[0], $stringitem
                    While $stringDec > 0 ; while '$stringDec' > 0 
                        
                        $stringitem = $stringsplit[$stringDec] ; setting curent item
                        
                        ; if current item is an Ip AND is not protected, then report...
                        If Isip($stringitem) == "True" AND DontReport($stringitem) == "False" Then Call("SendData", $stringitem)
                        If $stringDec == 1 Then ExitLoop ; If the last item was scanned, exiting loop
                        $stringDec -= 1 ; else, '$stringDec' - 1
                    WEnd ; End Of While
                    $line += 1 ; Incrementig line to read
                EndIf
            Else ; Else : just trying to connect to a report server...
                Call("xConnect")
            EndIf
        EndIf
    WEnd
EndFunc ; ===> EndFunc 'Loop()'

All comments are welcome!

SetEnv

Edit: Code

Edited by SetEnv




Source updated...

Last update has some errors.

* Now: Can be launched without any config file.

(But the server was not yet written...)

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         SetEnv

 Script Function:
    Check for unwanted IPs in the firewall log file, and then send the IPs to a server for more analysis.
    If those IPs were found in other users' log files, then the system will try to stop these 'attacks'...
    More Infos: <myemail>
#ce ----------------------------------------------------------------------------

; includes
#Include <File.au3>

; Setting some vars
; 
; $DontReport = Ip who will not be reported during analyze.
Global $DontReport = IniRead("config.cfg", "config", "dontscan", "127.0.0.1:" & @IPAddress1 & ":" & @IPAddress2 & ":" & @IPAddress3), $IsConnected = "False", $IsIdent = "False"

TCPStartup() ; TCP functions do nothing until the TCP service is started
Call("loop")
; Functions

Func StringAddToken($satString, $satItem, $satToken) ; Add token to a string: usage: StringAddToken(string,item,separators) => string<SEPARATOR>item
    ; Nothing to separate yet: the item becomes the whole string
    If $satString = "" Then Return $satItem
    ; Append the item only if it is not already one of the token-separated entries
    If StringInStr($satToken & $satString & $satToken, $satToken & $satItem & $satToken) = 0 Then $satString &= $satToken & $satItem
    Return $satString
EndFunc ; ==> EndFunc 'StringAddToken($satString, $satItem, $satToken)'

Func SendData($socket,$data) ; Func who could send any data to report server
    ; maybe crypted ?? that would be cool!
    TCPSend($socket, $data)
EndFunc ; ==> EndFunc 'SendData($data)'

Func xConnect() ; xConnect : connect and identify to a Report Server
    Local $myid = IniRead("config.cfg", "user", "login","user"), $mypass = IniRead("config.cfg", "user", "passwd", "passwd")

    Local $ReportServer = StringSplit(StringStripWS(FileRead("servers.lst"), 3), ":") ; setting report server (split in 'ip port')
    If $ReportServer[0] < 2 Then Return ; 'servers.lst' must contain 'ip:port'
    Global $ReportSocket = TCPConnect($ReportServer[1], $ReportServer[2]) ; launching socket (global, so Loop() can send on it)

    If $ReportSocket <> -1 Then ; If socket successfully connected then sending Login/passwd

        SendData($ReportSocket, "login:" & $myid & ":" & $mypass) ; sending 'login:user:passwd' to socket '$ReportSocket'

        ; Then, wait for reply on the same socket (TCPAccept() only applies to a listening socket)
        Local $recv = "", $recvError = 0
        Do
            $recv = TCPRecv($ReportSocket, 2048) ; Getting Datas
            $recvError = @error
            If $recv = "" And $recvError = 0 Then Sleep(50)
        Until $recv <> "" Or $recvError <> 0

        If $recvError <> 0 Then ; If Error: Closing Socket
            TCPCloseSocket($ReportSocket)
        Else ; Else
            $IsConnected = "True" ; setting var '$IsConnected' to 'True'

            ;if '300:WELCOME' is in (casesens) the msg, then setting '$IsIdent' to 'True'
            If StringInStr($recv, "300:WELCOME", 1) > 0 Then $IsIdent = "True"

            ;elseif '400:ERRLOGIN' is in (casesens) the msg, then login wasn't successful and closing socket.
            If StringInStr($recv, "400:ERRLOGIN", 1) > 0 Then
                TCPCloseSocket($ReportSocket)
                $IsConnected = "False" ; Loop() will try to connect again
            EndIf
        EndIf
    EndIf
EndFunc ; ==> EndFunc xConnect

Func Loop() ; Main thread
    TrayTip("Loop", "Running", 2) ; Tooltip: running [ok]
    ;setting some vars
    Local $line = IniRead("config.cfg","config", "line", "1"), $path = IniRead("config.cfg", "config", "path", "firewall.log"), $inc = 0
    
    While 1 ; While 1 ...
        
        If $line <= _FileCountLines($path) Then ; If var 'line' is less or equal maxlines then
            If $IsConnected == "True" Then ; If the socket is opened...
                If  $IsIdent == "True" Then ; if the client (you) is identified
                
                    Local $read = FileReadLine($path, $line) ; setting '$read' as line readed in '$path'
            
                    ; Changing some chr , for an easier use later.
                    $read = StringReplace($read, "@",":") ;;;; "@" \          ;;;;
                    $read = StringReplace($read, "'",":") ;;;; "'"  |         ;;;;
                    $read = StringReplace($read, '"',':') ;;;; '"'  |         ;;;;
                    $read = StringReplace($read, " ",":") ;;;; " "   > To ":" ;;;;
                    $read = StringReplace($read, "<",":") ;;;; "<"  |         ;;;;
                    $read = StringReplace($read, ">",":") ;;;; ">"  |         ;;;;
                    $read = StringReplace($read, "|",":") ;;;; "|" /          ;;;;
                
                    ; splitting '$stringSplit' with chr ':' AND setting '$stringDec' at total splitted items AND creating var '$stringitem' to null
                    Local $stringsplit = StringSplit($read,":"), $stringDec = $stringsplit[0], $stringitem
                    While $stringDec > 0 ; while '$stringDec' > 0 
                        
                        $stringitem = $stringsplit[$stringDec] ; setting curent item
                        
                        ; if current item is an Ip AND is not protected, then report...
                        If Isip($stringitem) == "True" AND StringInStr($DontReport,$stringitem) == 0 Then Call("SendData", $ReportSocket, $stringitem)
                        If $stringDec == 1 Then ExitLoop ; If the last item was scanned, exiting loop
                        $stringDec -= 1 ; else, '$stringDec' - 1
                    WEnd ; End Of While
                    $line += 1 ; Incrementig line to read
                EndIf
            Else ; Else : just trying to connect to a report server...
                Call("xConnect")
            EndIf
        EndIf
    WEnd
EndFunc ; ===> EndFunc 'Loop()'


Hum, new update...

Client modifications:

  • 'Call()': Replaced by direct function calls.
  • Some other minor things...

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         SetEnv

 Script Function:
    Check for unwanted IPs in the firewall log file, and then send the IPs to a server for more analysis.
    If those IPs were found in other users' log files, then the system will try to stop these 'attacks'...
    More Infos: <myemail>
#ce ----------------------------------------------------------------------------

; includes
#Include <File.au3>

; Setting some vars
; 
; $DontReport = Ip who will not be reported during analyze.
Global $DontReport = IniRead("config.cfg", "config", "dontscan", "127.0.0.1:" & @IPAddress1 & ":" & @IPAddress2 & ":" & @IPAddress3), $IsConnected = "False", $IsIdent = "False"

TCPStartup() ; TCP functions do nothing until the TCP service is started
Loop()

Func StringAddToken($satString, $satItem, $satToken) ; Add token to a string: usage: StringAddToken(string,item,separators) => string<SEPARATOR>item
    ; Nothing to separate yet: the item becomes the whole string
    If $satString = "" Then Return $satItem
    ; Append the item only if it is not already one of the token-separated entries
    If StringInStr($satToken & $satString & $satToken, $satToken & $satItem & $satToken) = 0 Then $satString &= $satToken & $satItem
    Return $satString
EndFunc ; ==> EndFunc 'StringAddToken($satString, $satItem, $satToken)'

Func SendData($socket,$data) ; Func who could send any data to report server
    ; maybe crypted ?? that would be cool!
    TCPSend($socket, $data)
EndFunc ; ==> EndFunc 'SendData($data)'

Func xConnect() ; xConnect : connect and identify to a Report Server
    Local $myid = IniRead("config.cfg", "user", "login","user"), $mypass = IniRead("config.cfg", "user", "passwd", "passwd")

    Local $ReportServer = StringSplit(StringStripWS(FileRead("servers.lst"), 3), ":") ; setting report server (split in 'ip port')
    If $ReportServer[0] < 2 Then Return ; 'servers.lst' must contain 'ip:port'
    Global $ReportSocket = TCPConnect($ReportServer[1], $ReportServer[2]) ; launching socket (global, so Loop() can send on it)

    If $ReportSocket <> -1 Then ; If socket successfully connected then sending Login/passwd

        SendData($ReportSocket, "login:" & $myid & ":" & $mypass) ; sending 'login:user:passwd' to socket '$ReportSocket'

        ; Then, wait for reply on the same socket (TCPAccept() only applies to a listening socket)
        Local $recv = "", $recvError = 0
        Do
            $recv = TCPRecv($ReportSocket, 2048) ; Getting Datas
            $recvError = @error
            If $recv = "" And $recvError = 0 Then Sleep(50)
        Until $recv <> "" Or $recvError <> 0

        If $recvError <> 0 Then ; If Error: Closing Socket
            TCPCloseSocket($ReportSocket)
        Else ; Else
            $IsConnected = "True" ; setting var '$IsConnected' to 'True'

            ;if '300:WELCOME' is in (casesens) the msg, then setting '$IsIdent' to 'True'
            If StringInStr($recv, "300:WELCOME", 1) > 0 Then $IsIdent = "True"

            ;elseif '400:ERRLOGIN' is in (casesens) the msg, then login wasn't successful and closing socket.
            If StringInStr($recv, "400:ERRLOGIN", 1) > 0 Then
                TCPCloseSocket($ReportSocket)
                $IsConnected = "False" ; Loop() will try to connect again
            EndIf
        EndIf
    EndIf
EndFunc ; ==> EndFunc xConnect

Func Loop() ; Main thread
    TrayTip("Loop", "Running", 2) ; Tooltip: running [ok]
    ;setting some vars
    Local $line = IniRead("config.cfg","config", "line", "1"), $path = IniRead("config.cfg", "config", "path", "firewall.log"), $inc = 0
    
    While 1 ; While 1 ...
        
        If $line <= _FileCountLines($path) Then ; If var 'line' is less or equal maxlines then
            If $IsConnected == "True" Then ; If the socket is opened...
                If  $IsIdent == "True" Then ; if the client (you) is identified
                
                    Local $read = FileReadLine($path, $line) ; setting '$read' as line readed in '$path'
            
                    ; Changing some chr , for an easier use later.
                    $read = StringReplace($read, "@",":") ;;;; "@" \          ;;;;
                    $read = StringReplace($read, "'",":") ;;;; "'"  |         ;;;;
                    $read = StringReplace($read, '"',':') ;;;; '"'  |         ;;;;
                    $read = StringReplace($read, " ",":") ;;;; " "   > To ":" ;;;;
                    $read = StringReplace($read, "<",":") ;;;; "<"  |         ;;;;
                    $read = StringReplace($read, ">",":") ;;;; ">"  |         ;;;;
                    $read = StringReplace($read, "|",":") ;;;; "|" /          ;;;;
                
                    ; splitting '$stringSplit' with chr ':' AND setting '$stringDec' at total splitted items AND creating var '$stringitem' to null
                    Local $stringsplit = StringSplit($read,":"), $stringDec = $stringsplit[0], $stringitem
                    While $stringDec > 0 ; while '$stringDec' > 0 
                        
                        $stringitem = $stringsplit[$stringDec] ; setting curent item
                        
                        ; if current item is an Ip AND is not protected, then report...
                        If Isip($stringitem) == "True" AND StringInStr($DontReport,$stringitem) == 0 Then SendData($ReportSocket, $stringitem)
                        If $stringDec == 1 Then ExitLoop ; If the last item was scanned, exiting loop
                        $stringDec -= 1 ; else, '$stringDec' - 1
                    WEnd ; End Of While
                    $line += 1 ; Incrementig line to read
                EndIf
            Else ; Else : just trying to connect to a report server...
                xConnect()
            EndIf
        EndIf
    WEnd
EndFunc ; ===> EndFunc 'Loop()'


#4 ·  Posted (edited)

Again, script updated...

The main thread was rethought.

Now works fine, but no server online.

How does it work

If the file 'config.cfg' is not found, the variables are set to defaults and it will probably never find any IP...

Here's a sample of this file:

[user]
login=yourlogin
passwd=yourpasswd

[config]
dontscan=127.0.0.1:localhost.localdomain:mydomain.tld
path=File\To\LogFile

It's a simple INI file with a .cfg name, and the rest of the file will be built automatically during use.

Here is the logchecker (client) code:

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.12.1
 Author:         SetEnv

 Script Function:
    Check for unwanted IPs in the firewall log file, and then send the IPs to a server for more analysis.
    If those IPs were found in other users' log files, then the system will try to stop these 'attacks'...
    More Infos: <myemail>
#ce ----------------------------------------------------------------------------

; includes
#Include <File.au3>

; Start main thread...
Loop()

; ==============================================================================
; Function 'StringAddToken($satString, $satItem, $satToken)
; Add token to a string: usage: StringAddToken(string,item,separators) 
; => string<SEPARATOR>item => string:item
; ==============================================================================
Func StringAddToken($satString, $satItem, $satToken)
    ; Nothing to separate yet: the item becomes the whole string
    If $satString = "" Then Return $satItem
    ; Append the item only if it is not already one of the token-separated entries
    If StringInStr($satToken & $satString & $satToken, $satToken & $satItem & $satToken) = 0 Then $satString &= $satToken & $satItem
    Return $satString ; Return value
EndFunc ; ==> EndFunc 'StringAddToken($satString, $satItem, $satToken)'

; ==============================================================================
; Function SendReport($SendString)
; Reporting String To server. Returns True once the server answered '500:OK'
; ==============================================================================
Func SendReport($SendString)

    ; setting report server (server is not yet online... :S)
    Local $RServer = StringSplit(IniRead("servers.txt", "servers", "none", "test:123"), ":")
    If $RServer[0] < 2 Then Return False ; expected 'ip:port'

    Local $RSocket = TCPConnect($RServer[1], $RServer[2]) ; creating socket
    If @error Or $RSocket = -1 Then Return False ; If error then nothing was reported

    ; def login/passwd - if none found, set to login:user , password:passwd
    Local $first = "login:" & IniRead("config.cfg", "user", "login", "user") & ":" & IniRead("config.cfg", "user", "passwd", "passwd")
    TCPSend($RSocket, $first) ; Sending ID/PASSWD

    Local $sent = False

    ;if response contains '300:WELCOME' then login was a success. Reporting string.
    ;(on '400:ERRLOGIN' the login failed and the socket is only closed)
    If StringInStr(WaitReply($RSocket), "300:WELCOME", 1) > 0 Then
        TCPSend($RSocket, "REPORT:" & $SendString) ; sending string

        ;if response contains '500:OK' then I know the string sent was recorded.
        If StringInStr(WaitReply($RSocket), "500:OK", 1) > 0 Then $sent = True
    EndIf

    TCPCloseSocket($RSocket)
    Return $sent
EndFunc ; ==> EndFunc SendReport()

; Wait up to 5 seconds for a reply on the connected socket (TCPAccept() only
; applies to a listening socket). Returns "" on error or timeout.
Func WaitReply($socket)
    Local $recv = "", $timer = TimerInit()
    Do
        $recv = TCPRecv($socket, 2048) ; Getting Data
        If @error Then Return ""
        If $recv = "" Then Sleep(50)
    Until $recv <> "" Or TimerDiff($timer) > 5000
    Return $recv
EndFunc ; ==> EndFunc WaitReply()



; ==============================================================================
; Function Replace($ReplaceString, $ReplaceItems, $ReplaceToken)
; this function replaces multiple chr in a string (items are separated by ',')
; ie: Replace("this;is'a test", ";,', ", ":") will-*may*- return 'this:is:a:test'
; ==============================================================================
Func Replace($ReplaceString, $ReplaceItems, $ReplaceToken) ; gets string, item, separator
    ; setting some var
    Local $ReplaceSplit = StringSplit($ReplaceItems,","), $ReplaceDec = $ReplaceSplit[0], $ReplaceReturn = $ReplaceString
    
    While $ReplaceDec > 0 ; while items in chain
        $ReplaceReturn = StringReplace($ReplaceReturn, $ReplaceSplit[$ReplaceDec], $ReplaceToken) ; replacing...
        
        $ReplaceDec -= 1 ; var '$ReplaceDec' - 1
    WEnd ; End Of While
    Return $ReplaceReturn ; return value
EndFunc ; ==> EndFunc 'Replace($ReplaceString, $ReplaceItem, $ReplaceToken)'



; ==============================================================================
; Function 'Isip($xisip)' : If item is an IP Return True, otherwise, return False
; ==============================================================================

Func Isip($xisip)
    Local $IsipSplit = StringSplit($xisip, "."), $IsIpCnt = $IsipSplit[0]
   
    If $IsIpCnt <> 4 Then 
        Return "False"
    Else
        While $IsIpCnt > 0
            ; each part must be 1 to 3 digits and not above 255
            If StringRegExp($IsipSplit[$IsIpCnt], '^\d{1,3}$') <> 1 Then Return "False"
            If Number($IsipSplit[$IsIpCnt]) > 255 Then Return "False"
            $IsIpCnt -= 1
        WEnd
        Return "True"
    EndIf
EndFunc ; ==> EndFunc 'Isip($xisip)'
        
; ==============================================================================

; ==============================================================================
; Function 'loop()'
; ==============================================================================
Func Loop() ; Main thread
    TCPStartup()
    TrayTip("Loop", "Starting... ", 3,1) 

    ;setting some vars
    
    Global $line = Number(IniRead("config.cfg","config", "line", "1")), $path = IniRead("config.cfg", "config", "path", "firewall.log")
    Global $DontReport = IniRead("config.cfg", "config", "dontscan", "127.0.0.1:" & @IPAddress1 & ":" & @IPAddress2 & ":" & @IPAddress3)  
    Global $ReportString = "" ; list of IPs waiting to be reported
    
    While 1 ; While
        
        If $line <= _FileCountLines($path) Then ; If var 'line' is less or equal as maxlines then
        
            ; Setting some var
            Local $read = Replace(FileReadLine($path, $line), ' ,",|,@,#,<,>', ':')
            Local $stringsplit = StringSplit($read,":"), $stringDec = $stringsplit[0]

            While $stringDec >= 1 ; while items in readLine
                
                ; setting some var (again)
                Local $stringitem = $stringsplit[$stringDec], $isip = Isip($stringitem)
                ; whole-entry match, so '27.0.0.1' is not hidden by '127.0.0.1'
                Local $IsProtect = StringInStr(":" & $DontReport & ":", ":" & $stringitem & ":")
                
                ; if current item is an Ip AND is not protected, then report... 
                If $isip == "True" And $IsProtect = 0 Then $ReportString = StringAddToken($ReportString, $stringitem, ":")
                
                $stringDec -= 1 ; '$stringDec' - 1
            
            WEnd ; End Of While
            $line += 1 ; Incrementing line to read
        
        Else ; Else
            ; After this long loop, verify if a new list was created. If yes, then reporting it.
            If $ReportString <> "" Then
                If SendReport($ReportString) Then $ReportString = "" ; recorded by the server: removing it
            EndIf
            Sleep(1000) ; wait for new log lines instead of spinning
        EndIf ; EndIf
    WEnd ; End Of While
EndFunc ; ===> EndFunc 'Loop()'

Feel free to give any suggestions, bug reports, etc...

Edited by SetEnv
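
An added example, not SetEnv's code: the extraction step this post describes, written with a regular expression and a whole-entry comparison against the 'dontscan' list, so that an address such as 27.0.0.1 is not hidden by a substring match against 127.0.0.1. The function names and the sample log lines are assumptions made for the illustration.

```autoit
; Constructed sample lines (documentation and private addresses), not from a real firewall log.
Local $aLines[3] = [ _
        '2008-07-21 20:40:01 DROP TCP 203.0.113.27 192.168.1.10 4312 445', _
        '2008-07-21 20:40:02 DROP UDP 27.0.0.1 192.168.1.10 1026 137 <probe@203.0.113.27>', _
        '2008-07-21 20:40:03 DROP TCP 999.1.2.3 127.0.0.1 80 80']

; Same ':'-separated format as the 'dontscan' key in config.cfg
Local $sDontScan = "127.0.0.1:192.168.1.10"

Local $aReport = ExtractUnknownIps($aLines, $sDontScan)
For $i = 1 To $aReport[0]
    ConsoleWrite($aReport[$i] & @CRLF)
Next

; True only for four dot-separated decimal parts, each between 0 and 255
Func IsIPv4($sText)
    Local $aParts = StringRegExp($sText, '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$', 1)
    If @error Then Return False
    For $i = 0 To 3
        If Number($aParts[$i]) > 255 Then Return False
    Next
    Return True
EndFunc   ;==>IsIPv4

; Whole-entry comparison: '27.0.0.1' is a substring of '127.0.0.1' but not an entry of the list
Func IsProtected($sIp, $sDontScan)
    Return StringInStr(":" & $sDontScan & ":", ":" & $sIp & ":") > 0
EndFunc   ;==>IsProtected

; Returns an array: element [0] is the count, elements [1..n] are the unique IPs to report
Func ExtractUnknownIps($aLines, $sDontScan)
    Local $aOut[1] = [0], $sSeen = ":"
    For $sLine In $aLines
        ; every dotted quad in the line that is not part of a longer number or dotted run
        Local $aHits = StringRegExp($sLine, '(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])', 3)
        If @error Then ContinueLoop ; no candidate in this line
        For $sIp In $aHits
            If Not IsIPv4($sIp) Then ContinueLoop ; e.g. 999.1.2.3
            If IsProtected($sIp, $sDontScan) Then ContinueLoop
            If StringInStr($sSeen, ":" & $sIp & ":") Then ContinueLoop ; already collected
            $sSeen &= $sIp & ":"
            $aOut[0] += 1
            ReDim $aOut[$aOut[0] + 1]
            $aOut[$aOut[0]] = $sIp
        Next
    Next
    Return $aOut
EndFunc   ;==>ExtractUnknownIps
```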


#5 ·  Posted (edited)

New update: 21/07/2008 @ 20:40

Log Checker:

Changes

  • Replaced the created function 'StringAddToken()' by '_ArrayAdd()',
  • Replaced 2 'while' loops by 'For x = y to z then step',
  • Several minor bugs,
  • Now the data between the client / server is encrypted,
  • Function TCPShutdown() added,
  • Can now receive data from ReportServer,

Note:

The code is not finished yet, and these tools are not fully working (they don't work at all, in fact).

LogChecker.au3

LogCheck_server.au3

Edited by SetEnv


#6 ·  Posted (edited)

New update...

Changes made on the client:

; Changes
; * New Function: CreateNewIdentity --- Create new identity sent by server
; * AutoSaving Work --- See '$SaveInc' and SaveWork()
; * Function 'Loop()' revisited and reorganized.
; * Function 'Replace($string, $token)' rewritten (This function really sucks now... I need to re-rewrite it!)
; * If log file present, then correctly extract unknown IPs.
; * Correction of several bugs, again...

And on the server:

; Changes
; * GetAbuseEmail($IpAddress) : Try to find an abuse email for an IP address -telnetting whois.arin.net:43-
; * SendNewIdentity($client, $key) : Create random identity for new client,
; * SendReportToProvider($IpAddress) : Report an abuse to the e-mail address found with 'GetAbuseEmail()',
; * Correction of several bugs,
; * Many other things...

Any impressions?

LogChecker.au3

LogCheck_server.au3

Edited by SetEnv
