#!/usr/bin/perl -w
##########################################################################
# $Id: kernel,v 1.4 1998/04/08 18:32:03 kirk Exp $
##########################################################################
# $Log: kernel,v $
# Revision 1.4  1998/04/08 18:32:03  kirk
# Applied changes submitted by Luuk de Boer <luuk_de_boer@pi.net>. Thanks!
#
# Revision 1.3  1998/02/23 01:16:57  kirk
# Getting ready for a first distribution
#
# Revision 1.2  1998/02/22 22:36:28  kirk
# Created named...
#
# Revision 1.1  1998/02/22 21:45:41  kirk
# Added kernel message processing
#
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk@kaybee.org.
#
########################################################

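# Verbosity threshold taken from the logwatch environment.  The raw
# per-line kernel counts are only reported at level 5 and above.
# Default to 0 when the variable is absent so the numeric comparisons
# further down do not emit "uninitialized value" warnings under -w.
$Detail = $ENV{'LOGWATCH_DEBUG'};
$Detail = 0 unless defined $Detail;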

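# Resolve a dotted-quad IPv4 address taken from a kernel message into
# "hostname (address)" for the report, or return the address unchanged
# when it cannot be resolved.
#
# Only a well-formed dotted quad (exactly four octets, each 0-255) is
# looked up; anything else is returned verbatim instead of being packed
# into a bogus address.  The text that reaches here is log content, and
# the reverse-DNS answer is controlled by whoever owns the PTR record,
# so the resolved name is reduced to printable characters before it is
# echoed into the report.
sub LookupIP {
   my ($Addr) = @_;
   return $Addr unless defined $Addr;

   my @Octets = split /\./, $Addr;
   return $Addr unless @Octets == 4;
   foreach my $Octet (@Octets) {
      return $Addr unless $Octet =~ /^\d{1,3}$/ and $Octet <= 255;
   }

   my $PackedAddr = pack('C4', @Octets);
   # 2 is AF_INET; this script does not pull in Socket for the constant.
   my $name = gethostbyaddr($PackedAddr, 2);
   if ($name) {
      # Keep only printable characters so a crafted PTR record cannot
      # inject line breaks or control codes into the report layout.
      $name =~ s/[^[:print:]]//g;
      return ($name . " (" . $Addr . ")") if length $name;
   }
   return ($Addr);
}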


# Consume the kernel log from STDIN.  SYN-flood warnings are tallied
# per target/source pair in %SYNflood (keyed by the resolved names);
# every other non-empty line is counted verbatim in %Kernel.  Both the
# captured addresses and the raw lines are log text, i.e. untrusted
# input that is later printed into the report.
while (defined($ThisLine = <STDIN>)) {
    chomp($ThisLine);
    next unless length $ThisLine;

    my ($src, $dst) = $ThisLine =~ /^Warning: possible SYN flood from ([^ ]+) on ([^ ]+):.+ Sending cookies/;
    if (defined $src) {
        my $src_name = LookupIP($src);
        my $dst_name = LookupIP($dst);
        $SYNflood{$dst_name}{$src_name}++;
        next;
    }

    $Kernel{$ThisLine}++;
}
    
# Emit the report section.  Nothing is printed unless there is
# something to say: SYN-flood tallies are always shown, the raw
# per-line counts only when the detail level is 5 or more.
if ( (keys %SYNflood) or (($Detail >= 5) and (keys %Kernel)) ) {
    print "\n\n ---------------------- Kernel Begin ------------------------- \n\n";

    if (keys %SYNflood) {
        print "\nWarning: SYN flood on:\n";
        for my $target (sort keys %SYNflood) {
            print "   $target from:\n";
            for my $source (sort keys %{ $SYNflood{$target} }) {
                print "      $source: $SYNflood{$target}{$source} Time(s)\n";
            }
        }
    }

    if ( ($Detail >= 5) and (keys %Kernel) ) {
        print "\n";
        # Lines are printed exactly as they appeared in the log.
        for my $line (sort keys %Kernel) {
            print "$Kernel{$line} Time(s): $line\n";
        }
    }

    print "\n\n ---------------------- Kernel End ------------------------- \n\n";
}


# The report has been written; signal success to the caller.
exit 0;



