mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
79 lines
1.5 KiB
Tcsh
Executable file
79 lines
1.5 KiB
Tcsh
Executable file
#! /bin/csh -f
|
|
#
|
|
# Given Bro connection summary files, reports on the activities of
|
|
# particular host(s) or net(s).
|
|
#
|
|
# mon-report [-n] [-t] [-x] h1 [-a h2] file ...
|
|
#
|
|
# reports on all connections involving host "h1", or "h1" and "h2" if -a
|
|
# specified. -n means that h1 and h2 should be interpreted as IP addresses
|
|
# (either host or network) instead of hostnames. -t means to write to stdout
|
|
# the raw trace file instead of the hot report. -x is passed along to
|
|
# hot-report to specify exact byte counts and durations (unless -t is given).
|
|
|
|
set usage = "mon-report [-n] [-t] [-x] h1 [-a h2] file ..."
|
|
set GREP = "grep -E"
|
|
|
|
if ( "$1" == "-n" ) then
|
|
setenv REPORT_NET
|
|
shift
|
|
mon-report $*
|
|
exit
|
|
endif
|
|
|
|
if ( "$1" == "-t" ) then
|
|
setenv REPORT_TO_STDOUT
|
|
shift
|
|
mon-report $*
|
|
exit
|
|
endif
|
|
|
|
if ( "$1" == "-x" ) then
|
|
setenv EXACT
|
|
shift
|
|
mon-report $*
|
|
exit
|
|
endif
|
|
|
|
if ( "$1" == "" ) then
|
|
echo "$usage"
|
|
exit
|
|
endif
|
|
|
|
set h1=$1
|
|
shift
|
|
|
|
set h2
|
|
if ( "$1" == "-a" ) then
|
|
shift
|
|
if ( "$1" == "" ) then
|
|
echo "$usage"
|
|
exit
|
|
endif
|
|
setenv H2
|
|
set h2=$1
|
|
shift
|
|
endif
|
|
|
|
if ( $?REPORT_TO_STDOUT ) then
|
|
set out="cat"
|
|
else
|
|
if ( $?EXACT ) then
|
|
set out="hot-report -x"
|
|
else
|
|
set out="hot-report"
|
|
endif
|
|
endif
|
|
|
|
if ( $?REPORT_NET ) then
|
|
if ( $?H2 ) then
|
|
cat $* | $GREP " `echo $h1 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \
|
|
$GREP " `echo $h2 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \
|
|
sort -n | $out
|
|
else
|
|
cat $* | $GREP " `echo $h1 | sed 's/\./\\./g;s/ /|/g'`[. ]" | \
|
|
sort -n | $out
|
|
endif
|
|
else
|
|
cat $* | host-grep -a $h1 $h2 | sort -n | $out
|
|
endif
|