#!/usr/bin/perl
# AgaLOG.pl (Against LOG)
# nitrous(at)danitrous(dot)org
# Mexico - 28/dic/2005
#
#######################################################################
#
# This code looks for the pattern (passed as 1st parameter) in the
# input log (2nd parameter), and then writes all the lines that do not
# contain the pattern to the output file (3rd parameter).
#
# If the pattern appears one or more times, you can overwrite the
# input log with the output file (the output file's name becomes the
# input log's name), or simply exit.
#
# If you decide to overwrite, then a tiny trick is performed:
#   - Get the input log's modification date.
#   - Touch the output file with that date as reference.
#   - Remove the input log.
#   - Rename the output file to the input log's name.
#   - Ta tan! It appears unmodified (in date terms)
#     ($ touch -r input_log output_file)
#
# Greetz 2 benn, you know dude, you know the purposes of this code };-)
#
#######################################################################
#
# Example:
# $ grep 209.136.48.69 logs/access.log | wc -l
# 66
# $ ls -l logs/access.log
# -rw-r--r-- 1 nitrous nitrous 19954851 Dec 28 22:35 logs/access.log
# $ date
# Wed Dec 28 22:58:09 CST 2005
#
# $ ./zap.pl 209.136.48.69 logs/access.log accesstmp
#       ################################
#       # AgaLOG.pl #
#       # plain/text Log Cleaner #
#       # nitrous(at)danitrous(dot)org #
#       ################################
#
# Analyzing the file
#
# Pattern Matching... Done
#
# The string 209.136.48.69 was found 66 times!
# What you want to do?
#       1) Overwrite "logs/access.log" with "accesstmp"
#       2) Exit
#       1/2?: 1
# Setting logs/access.log's date to accesstmp...
#
# Removing logs/access.log; Moving accesstmp to logs/access.log...
#
# Done !
# Happy hack =)
# $ grep 209.136.48.69 logs/access.log | wc -l
# 0
# $ ls -l logs/access.log
# -rw-r--r-- 1 nitrous nitrous 19954031 Dec 28 22:35 logs/access.log
#
#######################################################################
#
# Reviewer notes (what an investigator can rely on):
#   - Only the timestamps that `touch -r` copies are carried over. The
#     log is replaced by a different file (rm + mv), so on typical Unix
#     filesystems the inode number and the inode change time (ctime)
#     no longer agree with the displayed modification date.
#   - The file shrinks while its date stays the same: in the example
#     above 19954851 bytes become 19954031 with an unchanged
#     "Dec 28 22:35".
#   - A process that still holds the old log open keeps writing to the
#     removed file, so entries stop arriving in the file at this path.
#     (general Unix behaviour, not shown in this script)
#   - Choosing "Exit" after matches were found leaves the filtered copy
#     on disk under the third argument's name.
#   - Mitigations: forward logs to a separate host as they are written,
#     keep log files append-only where the platform supports it, and
#     monitor log directories for unlink/rename and inode changes.
#   - NOTE(review): the listing appears to have lost text in angle
#     brackets during extraction (the usage line's argument names and
#     the two read operators marked below) - confirm against the
#     original.

# Print the tool banner to standard output.
sub header {
    print "\t################################\n";
    print "\t# AgaLOG.pl #\n";
    print "\t# plain/text Log Cleaner #\n";
    print "\t# nitrous(at)danitrous(dot)org #\n";
    print "\t################################\n\n";
}

# Print the usage text with three example invocations, then exit.
sub usage {
    print "Usage: $0 [-i (ignore case)]\n\n";
    print "Examples:\n";
    print "\t$0 200.66.215.55 apache/access.log apache/access2.log\n";
    print "\t$0 phpshell.php apache/access.log apache/access2.log\n";
    print "\t$0 trou /var/log/messages /var/log/messages2 -i\n";
    exit;
}

# At least three arguments are required: pattern, input log, output file.
if(@ARGV < 3){
    usage;
}

# Two-argument open with bareword handles: the mode is taken from the
# string itself, so the file-name arguments are not treated as plain paths.
open(INLOG, $ARGV[1]) or die "Cannot open $ARGV[1]: $!";
open(OUTLOG, ">$ARGV[2]") or die "Cannot create $ARGV[2]: $!";
my $IgnoreCase = 0;   # set to 1 when a fourth argument is present
my $foundcont = 0;    # number of input lines that matched the pattern

# Any true fourth argument enables case-insensitive matching, not only "-i".
if($ARGV[3]){
    $IgnoreCase = 1;
}
header;
print "Analyzing the file\n\n";

# Copy every non-matching line to OUTLOG and count the matching ones.
# $ARGV[0] is interpolated as a regular expression, not a literal string,
# so "." in an IP address matches any character.
# NOTE(review): the loop condition is empty as shown; presumably it read
# lines from INLOG into $_ - confirm against the original.
while(){
    if($IgnoreCase == 1){
        if(/$ARGV[0]/i){
            $foundcont++;
            next;
        }
        print OUTLOG $_;
        next;
    }
    else{
        if(/$ARGV[0]/){
            $foundcont++;
            next;
        }
        print OUTLOG $_;
        next;
    }
}
print "Pattern Matching... Done\n\n";

if($foundcont > 0){
    # Matches were found: ask whether to replace the input log.
    print "The string $ARGV[0] was found $foundcont times!\n";
    print "What you want to do?\n";
    print "\t1) Overwrite \"$ARGV[1]\" with \"$ARGV[2]\"\n";
    print "\t2) Exit\n";
    print "\t1/2?: ";
    # NOTE(review): the right-hand side is empty as shown; presumably a
    # line read from standard input - confirm against the original.
    my $choice = ;
    # chop removes the last character whatever it is; the answer is then
    # compared numerically, so anything other than 1 falls through to exit.
    chop $choice;
    if($choice == 1){
        close INLOG;
        close OUTLOG;
        print "Setting $ARGV[1]'s date to $ARGV[2]...\n\n";
        # Copies the input log's timestamps onto the output file.
        # File names are interpolated unquoted into a shell command line
        # here and in the next command, and the exit status is not checked.
        `touch -r $ARGV[1] $ARGV[2]`;
        print "Removing $ARGV[1]; Moving $ARGV[2] to $ARGV[1]...\n\n";
        # The original file is deleted and the filtered copy renamed into
        # its place; the path now refers to a different file.
        `rm -f $ARGV[1]; mv -f $ARGV[2] $ARGV[1]`;
        print "Done !\nHappy hack =)\n";
        exit;
    }
    # Any other answer: close both handles and leave both files in place.
    close INLOG;
    close OUTLOG;
    print "Exiting...\n";
    exit;
}
else{
    # No line matched: the output file is an unneeded copy, so remove it.
    print "Pattern not found !\nw00t! w00t! ;)\n";
    close INLOG;
    close OUTLOG;
    `rm -f $ARGV[2]`;
}