Example script: getauthlogs.bash


   1: #!/bin/bash
   2: # $Header: $
   3: # First attempt at a consolidated auth log collection from kaserver
   4: # Timestamps in the raw files are NOT designed for easy sorting.
   5: #
   6: # Options:
   7: #  -i  -- translate hex IP addresses to dotted-decimal (relatively quick)
   8: #  -h  -- translate hex IP addresses to DNS names (somewhat slower - DNS lookups)
   9: #  -u user -- filter for the named user before translating addresses
  10: 
hextodec()
{
   # Convert an IP address written as 8 hex digits in reverse byte order
   # into dotted-decimal notation.
   # Arguments: $1 - the 8-digit hex string (last byte pair is the first octet)
   # Outputs:   the dotted-decimal address on stdout
   # No validation happens here; the caller is expected to pass exactly
   # 8 hex digits.
   local revhex=$1
   local first=$((0x${revhex:6:2}))
   local second=$((0x${revhex:4:2}))
   local third=$((0x${revhex:2:2}))
   local fourth=$((0x${revhex:0:2}))
   echo "${first}.${second}.${third}.${fourth}"
}
  16: 
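hostlookup()
{
   # Convert a decimal IP to hostname - calls 'host' each time.
   # Arguments: $1 - dotted-decimal address to look up
   # Outputs:   the lower-cased PTR name, or the address itself when 'host'
   #            returns no PTR answer (not found, timeout, resolver error)
   #
   # The name printed is whatever the reverse zone for that address publishes.
   # It is not confirmed with a forward lookup, so read it as a label and keep
   # the -i output when the address itself is the evidence.
   local addr=$1 reply line name=

   reply=$(host "$addr")

   # Accept only a genuine PTR answer line.  Taking "word 5" of arbitrary
   # output turns resolver errors (e.g. a timeout message) into a bogus name,
   # and an unquoted 'set' would also glob-expand text that came from DNS.
   while read -r line; do
      case $line in
      *\ domain\ name\ pointer\ *)
         name=${line##* domain name pointer }
         break
         ;;
      esac
   done <<< "$reply"

   if [[ -n $name ]]; then
      # Lower-case it for consistency
      printf '%s\n' "$name" | tr 'A-Z' 'a-z'
   else
      # Just echo the address we tried to look up
      printf '%s\n' "$addr"
   fi
}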
  33: 
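# Options
iptranslate=0
gethostnames=0
# The user filter is held as an argv array rather than a string.  The -u value
# comes straight from the command line; expanding it unquoted would let any
# whitespace or glob characters in it become extra grep options or file
# operands instead of part of the pattern.
filter=(cat)
while getopts ihu: o ; do
   case $o in
   i) iptranslate=1 ;;
   h) gethostnames=1; iptranslate=1 ;;
   # -e marks the value as the pattern even when it begins with '-'
   u) filter=(grep -e "$OPTARG") ;;
   # Stop on an unknown option instead of silently running unfiltered
   *) echo "Usage: ${0##*/} [-i] [-h] [-u user]" >&2; exit 2 ;;
   esac
done
shift $((OPTIND-1))

# We could get the DB server names from 'fs checkservers', but it isn't obvious what is from our cell.  We
# could also grep CellServDB.  I cop out and hard code one known DB server and get the others from it.
masterserver=halley.dartmouth.edu
serverlist=$(bos listhosts -server "$masterserver" | grep 'Host .* is ' | awk '{print $4}')

# An empty server list would produce an empty report that looks just like
# "no authentication activity", so fail loudly instead.
if [[ -z $serverlist ]]; then
   echo "${0##*/}: no database servers returned by $masterserver" >&2
   exit 1
fi

# If we want to filter usernames, it is more efficient to do it inline, before sorting, translation and hostname lookups

# Array to hold IP address/name conversions (associative array, ksh only)
# ksh - use -A for associative array.  bash - use -a and numeric array
typeset -a hostnames

(
# $serverlist is deliberately unquoted: one host name per word
for dbserver in $serverlist; do
   # A server we cannot read leaves a gap in the consolidated log; say so on
   # stderr so the gap is not mistaken for a quiet period.
   bos getlog -server "$dbserver" -file /usr/afs/logs/AuthLog ||
      echo "${0##*/}: warning: could not fetch AuthLog from $dbserver" >&2
done
) | grep -v 'Fetching log file' | "${filter[@]}" | sed -e 's/^... //' -e 's/  \([1-9]\) / 0\1 /' | sort --month-sort | \
    sed -e 's/ \([0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]\)$/ 0\1/' |
    while read -r line; do
   # read -r keeps backslashes in the log text exactly as they were logged
   if [[ $iptranslate == 1 ]] ; then
      # Ugly!
      # Sometimes we get a 7-digit hex code in the log - the kaserver apparently drops leading zeros.
      # The second 'sed' in the pipe catches these and fixes them.
      case $line in
      *\ from\ [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f])
         # translate the reverse-hex address
         # The pattern above guarantees that what follows the last " from "
         # is exactly 8 hex digits, so it is safe to use in arithmetic below.
         iphex=${line##* from }
         # bash version - index by numeric value only, but can be sparse array -- use the raw IP
         ipdec=$((0x$iphex))
         frontpart=${line% from *}
         if [[ $gethostnames == 1 ]]; then
            # ksh - index on hex value as a string (iphex)
            # bash - index on numeric value (ipdec)
            index=$ipdec
            # Look each address up once and reuse the cached answer
            if [[ -z "${hostnames[$index]}" ]]; then
               hostnames[$index]="$(hostlookup "$(hextodec "$iphex")")"
            fi
            printf '%s\n' "$frontpart from ${hostnames[$index]}"
         else
            printf '%s\n' "$frontpart from $(hextodec "$iphex")"
         fi
         ;;
      *)
         printf '%s\n' "$line"
         ;;
      esac
   else
      # No ip translation, just echo the whole line
      printf '%s\n' "$line"
   fi
done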
  97: 



  last modified 22/03/2012 Introduction Table of Contents
© Dartmouth College