接続したドメインをすべて抽出するために作成。Ubuntu 12.04用
Firewall でドメイン単位の接続許可を与える際に使用する。
作成 2012.08.09
更新 2012.11.19
更新 2012.11.19
Squid のログから接続したドメインを抽出する
ドメイン一覧
#!/usr/bin/perl
use strict;
use warnings;
# Squid access log that the script scans.
use constant ACLOG => '/var/log/squid3/access.log';

# Entry point: list every protocol/host/port combination found in the log.
cat_list(ACLOG);
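# Print every distinct (protocol, host, port) combination found in a Squid
# access log, one per line as "PROTO<TAB>HOST<TAB>PORT", sorted by protocol,
# then port (string order), then host grouped by domain.
#
# Argument: path of the access log. The request method is read from
# whitespace-separated field 5 and the URL from field 6 (counting from 0),
# which presumably matches Squid's native log format -- confirm if a custom
# logformat is configured.
# Dies if the log cannot be opened.
#
# NOTE(review): the URL field is whatever the client asked for, and the
# result-code field is never consulted, so requests that Squid refused are
# listed too. Host names are printed as logged, without syntax validation.
# Review the output before turning it into firewall allow rules.
sub cat_list {
    my ($path) = @_;

    # Ports implied by a URL scheme when the URL itself names none.
    my %default_port_for = (
        HTTP  => '80',
        HTTPS => '443',
        FTP   => '21',
        SFTP  => '22',
        FTPS  => '990',
    );

    # $seen{PROTO}{PORT}{HOST} = 1, with HOST stored label-reversed
    # ("com.example.www") so that a plain sort groups hosts by domain.
    my %seen;

    open( my $fh, '<', $path ) or die "cannot open $path: $!";
    while ( my $line = <$fh> ) {
        chomp $line;
        my ( $method, $url ) = ( split( / +/, $line ) )[ 5, 6 ];

        # Truncated or malformed line: nothing usable to record.
        next if !defined $method || !defined $url || $url eq '';

        my ( $proto, $host, $port ) = ( 'HTTP', '', '' );
        if ( $method eq 'CONNECT' ) {
            # CONNECT targets are "host:port"; split at the last colon so a
            # bracketed IPv6 literal keeps its inner colons.
            $proto = 'HTTPS';
            if ( $url =~ m{\A (.+) : ([0-9]+) \z}x ) {
                ( $host, $port ) = ( $1, $2 );
            }
            else {
                $host = $url;
            }
        }
        elsif ( $url =~ m{\A ([a-zA-Z0-9]+) :// ([^/:]+) :? ([0-9]*) /}x ) {
            my ( $scheme, $authority, $explicit_port ) = ( $1, $2, $3 );
            $proto = uc $scheme;
            $host  = $authority;
            if ( $explicit_port ne '' ) {
                $port = $explicit_port;
            }
            elsif ( exists $default_port_for{$proto} ) {
                $port = $default_port_for{$proto};
            }
        }
        else {
            # Not a CONNECT and not scheme://host/...: keep the raw field so
            # the operator can see what was logged.
            $proto = 'UNKNOWN';
            $host  = $url;
        }

        my $sort_key = join( '.', reverse( split( /\./, $host ) ) );
        $seen{$proto}{$port}{$sort_key} = 1;
    }
    close $fh;

    # Explicit %{ ... } dereference: "keys $hashref" was an experimental
    # feature and is a compile error on Perl 5.24 and later.
    for my $proto ( sort keys %seen ) {
        for my $port ( sort keys %{ $seen{$proto} } ) {
            for my $sort_key ( sort keys %{ $seen{$proto}{$port} } ) {
                my $host = join( '.', reverse( split( /\./, $sort_key ) ) );
                print $proto, "\t", $host, "\t", $port, "\n";
            }
        }
    }
    return;
}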
ログのクリア
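#!/bin/sh
# Clear the Squid access log: keep the current log as access.log.1, create a
# fresh empty log owned by proxy:proxy, then ask Squid to rotate its logs so
# that it reopens the log file.
# Presumably run as root, since it chowns the new file -- confirm.

# Stop at the first failing step so a failed mv is not followed by a
# touch/chown of the live log, and treat unset variables as errors.
set -eu

LOG=/var/log/squid3/access.log

# The access log records which client requested which URL; do not create the
# replacement file world-readable.
umask 027

mv "$LOG" "$LOG.1"
touch "$LOG"
chown proxy:proxy "$LOG"
/usr/sbin/squid3 -k rotate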