use lib '@LR_PERL5LIBDIR@';
use Lire::Program qw( :msg :dlf );
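# Convert WELF proxy records into the "proxy" DLF, one record per input line.
#
# NOTE(review): this listing is an excerpt. The original file's line numbers
# show gaps, so some statements are not visible here: the variable that
# receives the DLF maker, the declarations and updates of the counters, the
# input loop and whatever traps errors for each record. The gaps are marked
# below rather than guessed at.

init_dlf_converter( "proxy" );
my $schema = Lire::DlfSchema::load_schema( "proxy" );

# NOTE(review): the value returned here is presumably what is later invoked
# as $dlf_maker; the assignment itself is not shown in this excerpt.
# cat_action is set in %dlf below but is absent from this field list --
# confirm whether it is meant to be emitted.
$schema->make_hashref2asciidlf_func(
    qw/time client_ip client_host
       user duration cache_result req_result protocol
       dst_ip dst_host dst_port operation requested_url bytes rule
       useragent cat_site cat_page catlevel_site catlevel_page /
);

# Direct method call rather than the indirect-object form ("new Class"),
# which Perl can parse ambiguously.
my $parser = Lire::WELF->new;

# NOTE(review): the lines that open the per-record processing are not shown.
# The statements below read $_ and $. and use return/die, so they presumably
# run once per input line inside an error trap -- confirm against the full
# file.

my $welf = $parser->parse( $_ );

# The record comes from log input, so id may be missing altogether. Compare
# a defined value so that such a record is rejected by the die below instead
# of by way of an "uninitialized value" warning.
my $id = defined $welf->{id} ? $welf->{id} : '';
die "not a firewall WELF record: id=", $id, "\n"
    unless $id eq 'firewall';

# Skip messages without proto, src, dst.
# NOTE(review): proto and src are tested with defined but dst by truth, so
# an empty or "0" dst is skipped while an empty src is let through.
return unless defined $welf->{proto} &&
              defined $welf->{src} && $welf->{dst};

# Map WELF field names onto proxy DLF field names. Values are copied exactly
# as the parser returned them; nothing here validates or normalises them.
my %dlf = (
    time          => $welf->{time},
    rule          => $welf->{rule},
    user          => $welf->{user},
    duration      => $welf->{duration},

    client_ip     => $welf->{src},
    # Fall back to the address when the record carries no host name.
    client_host   => $welf->{srcname} || $welf->{src},

    dst_ip        => $welf->{dst},
    dst_host      => $welf->{dstname} || $welf->{dst},
    dst_port      => $welf->{dst_port},

    protocol      => $welf->{proto},
    operation     => $welf->{op},

    requested_url => $welf->{arg},

    req_result    => $welf->{result},

    cache_result  => $welf->{cache},

    useragent     => $welf->{agent},

    cat_action    => $welf->{cat_action},
    cat_site      => $welf->{cat_site},
    catlevel_site => $welf->{catlevel_site},
    cat_page      => $welf->{cat_page},
    catlevel_page => $welf->{catlevel_page},
);    # the closing of this list is not shown in the excerpt

# Bytes should be computed from rcvd and sent.
# Both values come from the log and are added numerically; bytes stays unset
# when neither field is present or both are zero.
if ( $welf->{rcvd} || $welf->{sent} ) {
    $dlf{bytes} += $welf->{rcvd} if $welf->{rcvd};
    $dlf{bytes} += $welf->{sent} if $welf->{sent};
}

# NOTE(review): the output record is space-separated. Confirm that the maker
# escapes embedded whitespace in values such as requested_url and useragent,
# which are taken straight from the log; otherwise a crafted value could
# shift the fields that follow it.
my $dlf = $dlf_maker->( \%dlf );
print join( " ", @$dlf ), "\n";

# NOTE(review): the lines between the print above and this notice are not
# shown; the notice presumably runs only when converting the record failed.
#
# The rejected line is raw log input and can carry client-supplied text
# (URLs, user agents). Drop the line terminator and escape control
# characters so the quoted line cannot break the notice into several lines
# or smuggle terminal escape sequences into it.
my $shown = $_;
chomp $shown;
$shown =~ s/([\x00-\x1f\x7f])/sprintf( '\\x%02x', ord $1 )/ge;
lr_notice( qq{cannot convert line $. "$shown" to proxy dlf, skipping} );

# NOTE(review): the declarations and updates of these three counters are not
# shown in this excerpt.
end_dlf_converter( $lines, $dlflines, $errorlines );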
welf_proxy2dlf - convert logs in WebTrends Enhanced Log Format to proxy DLF
B<welf_proxy2dlf> I<file>
B<welf_proxy2dlf> converts firewall logs in the WebTrends Enhanced Log
Format into the proxy DLF.
That format is defined at the following URL:
http://www.webtrends.com/partners/welfOverview.htm
This converter also supports the SonicWall extensions.
A list of firewall products that support that format can be found
at the following URL:
http://www.webtrends.com/partners/firewall.htm
=head1 IMPLEMENTATION NOTES
WELF log files contain information about many applications: proxies,
packet filters, IDS. IDS and packet filters information is handled by
the firewall superservice, whereas the proxy information is handled by
the proxy superservice.
This converter will only convert records with a proto, src and dst
field. All other records are ignored (they won't be ignored by the
firewall superservice).
Lire::WELF(3) welf2dlf(1)
Francis J. Lacoste <flacoste@logreport.org>
$Id: welf_proxy2dlf.in,v 1.1 2002/02/05 21:57:22 flacoste Exp $
Copyright (C) 2001 Stichting LogReport Foundation LogReport@LogReport.org
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program (see COPYING); if not, check with
http://www.gnu.org/copyleft/gpl.html or write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.