Hello. I've been stuck on this problem for a few hours and can't really think of anything that makes sense anymore. I know my script can be written better. Feel free to give me some pointers but I really just want to get it working as-is for now. I am basically at the point of exhaustion right now, so I will do my best to be coherent.
My script goes through a file called pflog, copies the lines to pf.cut, and counts lines that repeat (based on only the traffic direction and destination IP for now) and then enters how many lines repeated before continuing on. It looks like my script is having trouble entering the Repeat Loop. I added a little bit of debugging functionality which shows the script basically stops while doing the if compare in the Repeat Loop. Notice my second set of debug output for Compare1 and Compare does not fire. Any help is appreciated. Thank you.
Script:
Code:
#!/usr/local/bin/bash

# Variables
Counter=0
Repeat=0
Line=1
PrintLine=`head -$Line pflog | tail -1 >> pf.cut`
PrintRepeats="Previous line repeats $Counter times."

# Print the first line and set variables.
function Start() {
    $PrintLine #Print the first line
}

# Comparison loop.
function Compare() {
    Line=$(expr $Line + 1) # Increment the value of Line
    head -$Line pflog | tail -1 >> pf.cut # Print the line.
    Compare1=`head -$Line pflog | tail -1 | awk '{ print $14 $15 }'` # Set Compare1 to the next line.
    Line=$(expr $Line + 1) # Increment the value of Line
    Compare2=`head -$Line pflog | tail -1 | awk '{ print $14 $15 }'` # Set compare2 to the next line.
    if [ "$Compare1" == "$Compare2" ]
    then
        Counter=$(expr $Counter + 1) # If the comparison is the same, increment the counter.
        RepeatLoop # If the comparison is the same, we enter the Repeat loop
    elif [ "$Compare1" != "$Compare2" ]
    then
        head -$Line pflog | tail -1 >> pf.cut # Print the line.
        Compare # Otherwise, we keep comparing lines with the Comparison loop.
    fi
}

# Repeat loop.
function RepeatLoop() {
    Compare1=`head -$Line pflog | tail -1 | awk '{ print $14 $15 }'` # Set Compare1 to the next line.
    Line=$(expr $Line + 1) # Increment the value of Line
    Compare2=`head -$Line pflog | tail -1 | awk '{ print $14 $15 }'` # Set compare2 to the next line.
    echo "Compare1 is set to before repeat compare: $Compare1" ## DEBUG
    echo "Compare2 is set to before repeat compate: $Compare2" ## DEBUG
    if [ "Compare1" == "Compare2" ]
    then
        echo "Compare1 is set to before exit: $Compare1" ## DEBUG
        echo "Compare2 is set to before exit: $Compare2" ## DEBUG
        Counter=$(expr $Counter + 1) # If the comparison is the same, increment the counter.
        RepeatLoop # And keep on looping.
    elif [ "$Compare1" != "$Compare2" ]
    then
        echo "Previous line repeats $Counter times." >> pf.cut # Otherwise, print how many times the line repeated.
        echo "Counter before reset is set to $Counter" ## DEBUG
        Counter=0 # And reset the Counter variable to 0.
        Compare # Then re-enter the Comparison loop.
    fi
}

Start
Compare

#Debugging Script
echo "########### DEBUG ###########"
debug1=`head -$Line pflog | tail -1`
echo $debug1
echo "Line is set to $Line"
echo "Compare1 is set to $Compare1"
echo "Compare2 is set to $Compare2"
echo "Counter is set to $Counter"
Command Output:
Code:
[tay@yamagi ~]$ bash pf-debug
Compare1 is set to before repeat compare: >8.10.122.52.25:
Compare2 is set to before repeat compate: >8.10.122.52.25:
########### DEBUG ###########
Jun 19 05:30:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 65.54.190.221.2219 > 8.10.122.52.25:
Flags [S], seq 2413659835, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Line is set to 8
Compare1 is set to >8.10.122.52.25:
Compare2 is set to >8.10.122.52.25:
Counter is set to 1
pf.cut file where the output is written:
Code:
Jun 19 00:00:00 test-mail newsyslog[18949]: logfile turned over
Jun 19 02:55:00 test-mail pf: 00:00:00.000000 rule 58/0(match): pass in on em1: 8.10.122.59.49699 > 8.10.122.52.1122:
Flags [S], seq 774210412, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS[|tcp]>
Jun 19 03:35:00 test-mail pf: 00:00:00.000000 rule 97/0(match): pass out on em1: 8.10.122.52.123 > 8.10.122.41.123:
NTPv4, Client, length 48
Jun 19 03:35:00 test-mail pf: 00:01:14.149347 rule 84/0(match): pass in on em1: 175.41.211.68.43925 > 8.10.122.52.25:
Flags [S], seq 2923456337, win 5840, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 03:40:00 test-mail pf: 00:00:00.000000 rule 86/0(match): pass in on em1: 175.41.211.68.43484 > 8.10.122.52.110:
Flags [S], seq 3266242850, win 5840, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 05:25:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 65.54.190.210.2627 > 8.10.122.52.25:
Flags [S], seq 2346108985, win 65535, options [mss 1460,nop,nop,sackOK], length 0
pflog file [truncated]
Code:
Jun 19 00:00:00 test-mail newsyslog[18949]: logfile turned over
Jun 19 02:55:00 test-mail pf: 00:00:00.000000 rule 58/0(match): pass in on em1: 8.10.122.59.49699 > 8.10.122.52.1122:
Flags [S], seq 774210412, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS[|tcp]>
Jun 19 03:35:00 test-mail pf: 00:00:00.000000 rule 97/0(match): pass out on em1: 8.10.122.52.123 > 8.10.122.41.123:
NTPv4, Client, length 48
Jun 19 03:35:00 test-mail pf: 00:01:14.149347 rule 84/0(match): pass in on em1: 175.41.211.68.43925 > 8.10.122.52.25:
Flags [S], seq 2923456337, win 5840, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 03:40:00 test-mail pf: 00:00:00.000000 rule 86/0(match): pass in on em1: 175.41.211.68.43484 > 8.10.122.52.110:
Flags [S], seq 3266242850, win 5840, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 05:25:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 65.54.190.210.2627 > 8.10.122.52.25:
Flags [S], seq 2346108985, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Jun 19 05:25:00 test-mail pf: 00:01:13.719444 rule 84/0(match): pass in on em1: 65.54.190.210.3942 > 8.10.122.52.25:
Flags [S], seq 3776694856, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Jun 19 05:30:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 65.54.190.221.2219 > 8.10.122.52.25:
Flags [S], seq 2413659835, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Jun 19 05:35:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 65.54.190.218.41038 > 8.10.122.52.25:
Flags [S], seq 1545103464, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Jun 19 05:50:00 test-mail pf: 00:00:00.000000 rule 58/0(match): pass in on em1: 8.10.122.59.54314 > 8.10.122.52.1122:
Flags [S], seq 352785291, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS[|tcp]>
Jun 19 06:10:00 test-mail pf: 00:00:00.000000 rule 58/0(match): pass in on em1: 8.10.122.59.59894 > 8.10.122.52.1122:
Flags [S], seq 1630398136, win 65535, options [mss 1460,nop,wscale 1,nop,nop,TS[|tcp]>
Jun 19 06:10:00 test-mail pf: 00:00:21.847065 rule 87/0(match): pass in on em1: 111.213.57.195.43880 > 8.10.122.52.143:
Flags [S], seq 404675207, win 14600, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 06:10:00 test-mail pf: 00:01:45.961621 rule 87/0(match): pass in on em1: 111.213.57.195.43891 > 8.10.122.52.143:
Flags [S], seq 3002498740, win 14600, options [mss 1460,sackOK,TS[|tcp]>
Jun 19 06:10:00 test-mail pf: 00:00:01.001218 rule 87/0(match): pass in on em1: 111.213.57.195.43892 > 8.10.122.52.143:
Flags [S], seq 4253210919, win 14600, options [mss 1460,sackOK,TS[|tcp]>
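Added example (not part of the original post and not the poster's script): the run-collapsing described above done in a single awk pass, keyed on the same fields `$14` and `$15`. The function names, the sample lines, and the choice to report the number of additional lines in a run are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script: one awk pass instead of head|tail.

# Constructed sample input in the pf log layout shown in the post
# (addresses are documentation ranges, not taken from the post).
sample_log() {
cat <<'EOF'
Jun 19 00:00:00 test-mail newsyslog[18949]: logfile turned over
Jun 19 05:25:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 192.0.2.10.2627 > 198.51.100.52.25: Flags [S], length 0
Jun 19 05:25:00 test-mail pf: 00:01:13.719444 rule 84/0(match): pass in on em1: 192.0.2.10.3942 > 198.51.100.52.25: Flags [S], length 0
Jun 19 05:30:00 test-mail pf: 00:00:00.000000 rule 84/0(match): pass in on em1: 192.0.2.21.2219 > 198.51.100.52.25: Flags [S], length 0
Jun 19 05:50:00 test-mail pf: 00:00:00.000000 rule 58/0(match): pass in on em1: 192.0.2.59.54314 > 198.51.100.52.1122: Flags [S], length 0
Jun 19 06:10:00 test-mail pf: 00:00:21.847065 rule 87/0(match): pass in on em1: 203.0.113.5.43880 > 198.51.100.52.143: Flags [S], length 0
Jun 19 06:10:00 test-mail pf: 00:01:45.961621 rule 87/0(match): pass in on em1: 203.0.113.5.43891 > 198.51.100.52.143: Flags [S], length 0
EOF
}

# Read a log on stdin. Print the first line of every run of consecutive lines
# sharing fields $14 and $15, then a count line if the run had repeats.
collapse_repeats() {
    awk '
        function report() {
            if (repeats > 0)
                printf "Previous line repeats %d times.\n", repeats
        }
        NF < 15 {                     # not a pf match line: never part of a run
            report(); print
            prev = ""; repeats = 0
            next
        }
        {
            key = $14 " " $15         # direction marker and destination ip.port
            if (key == prev) {        # same run: count it, print nothing
                repeats++
                next
            }
            report()                  # close the previous run
            print                     # first line of a new run
            prev = key; repeats = 0
        }
        END { report() }              # the last run has no following line
    '
}

sample_log | collapse_repeats
```

For comparison with the posted RepeatLoop: its first test, `[ "Compare1" == "Compare2" ]`, has no `$` and so compares two literal strings, and when the two values are equal the `elif` is false as well, so neither branch runs and the function returns.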