logparser.php
<?php
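// Absolute directory of this script, with a trailing directory separator.
define('BASEPATH', __DIR__ . DIRECTORY_SEPARATOR);
// config.php is expected to define DB_FILE and LOG_FILE, which main() reads -- confirm against that file.
require_once BASEPATH . 'config.php';
// Register the shutdown handler BEFORE entering main(): main() loops forever, so a
// registration placed after the call is never reached and the restart-on-fatal-error
// logic in fatal_handler() would never be installed.
register_shutdown_function('fatal_handler');
main();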
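/**
 * Follow the access log and record one (remote_ip, request_time) row per request line.
 *
 * Recreates the SQLite database at DB_FILE, creates the accesslog table and its index,
 * then tails LOG_FILE forever, starting at the file's current end. This function does
 * not return.
 *
 * Access-log content is untrusted input (it is produced by remote clients), so the
 * parsed fields are bound to a prepared statement instead of being concatenated into
 * the SQL text.
 */
function main() {
    // Every run starts from an empty database. Only unlink an existing file so the
    // first run (or a run after manual cleanup) does not raise a warning.
    if (is_file(DB_FILE)) {
        unlink(DB_FILE);
    }
    $db = new SQLite3(DB_FILE);
    //$db = new SQLite3(':memory:');
    $db->query('PRAGMA synchronous = OFF');
    $db->query('PRAGMA journal_mode = MEMORY');
    $db->query('PRAGMA busy_timeout = 300000');

    // Create the accesslog table and its index when they do not exist yet.
    $res_check_table_exist = $db->query("SELECT * FROM sqlite_master WHERE name = 'accesslog' and type='table' ");
    if (!$res_check_table_exist->fetchArray()) {
        $db->exec('CREATE TABLE accesslog (remote_ip varchar(255), request_time NUMERIC)');
        $db->exec("CREATE INDEX accesslog_index ON accesslog(remote_ip,request_time)");
        echo "Table accesslog has been created \r\n";
    }

    // Prepared once and reused for every line. Bound parameters keep log content out
    // of the SQL text; the previous string-built INSERT let a crafted first field
    // break out of its double-quoted value.
    $insert = $db->prepare('INSERT INTO accesslog (remote_ip, request_time) VALUES (:remote_ip, :request_time)');

    // Start at the current end of the file so only new requests are recorded.
    $size = filesize(LOG_FILE);
    if ($size === false) {
        $size = 0;
    }

    while (true) {
        clearstatcache();
        $currentSize = filesize(LOG_FILE);
        if ($currentSize === false || $size === $currentSize) {
            usleep(100);
            continue;
        }
        if ($currentSize < $size) {
            // The log was truncated or rotated: the saved offset is past the new end,
            // so restart from the beginning instead of silently skipping the new lines.
            $size = 0;
        }

        $fh = fopen(LOG_FILE, 'r');
        if ($fh === false) {
            // The file can be briefly missing or unreadable during rotation; retry.
            usleep(100);
            continue;
        }
        fseek($fh, $size);

        while (($line = fgets($fh)) !== false) {
            // Strip the brackets around the timestamp, then split on spaces.
            $line = str_replace(array('[', ']'), '', $line);
            $arr_log_line = explode(' ', $line);

            // Field 0 is the client address and field 3 the timestamp; shorter lines
            // are malformed and are echoed but not stored.
            if (count($arr_log_line) >= 4) {
                $remote_ip = $arr_log_line[0];
                // nginx writes 05/Nov/2016:01:35:24 (change this for apache); turn the
                // ':' between date and time into a space and '/' into '-' so that
                // strtotime() accepts it.
                $timestamp = @strtotime(str_replace('/', '-', substr_replace($arr_log_line[3], ' ', -9, 1)));
                if ($timestamp !== false) {
                    // SQLite format must look like 2016-11-05 01:35:24.
                    $request_time = @date("Y-m-d H:i:s", $timestamp);
                    $insert->bindValue(':remote_ip', $remote_ip, SQLITE3_TEXT);
                    $insert->bindValue(':request_time', $request_time, SQLITE3_TEXT);
                    $insert->execute();
                    $insert->reset();
                }
                // An unparseable timestamp is skipped rather than stored as 1970-01-01.
            }
            echo $line;
        }

        // Continue from where reading actually stopped. Lines appended after the
        // filesize() call above were already consumed; resuming at $currentSize would
        // read them a second time and double-count those requests.
        $position = ftell($fh);
        fclose($fh);
        $size = ($position === false) ? $currentSize : $position;
    }

    // Not reached: the loop above never exits.
    $db->close();
}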
//function for fatal error case
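/**
 * Shutdown callback: restart the log follower after a fatal error.
 *
 * error_get_last() also reports warnings and notices, so the restart is limited to
 * error types that actually terminate the script. The error is written to the PHP
 * error log before restarting so the crash is not silent.
 *
 * Note that main() deletes and recreates DB_FILE, so rows collected before the crash
 * are lost on restart.
 */
function fatal_handler() {
    $error = error_get_last();
    if ($error === null) {
        return;
    }

    $fatal_types = array(
        E_ERROR,
        E_PARSE,
        E_CORE_ERROR,
        E_COMPILE_ERROR,
        E_USER_ERROR,
        E_RECOVERABLE_ERROR,
    );
    if (!in_array($error['type'], $fatal_types, true)) {
        return;
    }

    error_log(sprintf(
        'logparser: fatal error (type %d) in %s on line %d: %s -- restarting',
        $error['type'],
        $error['file'],
        $error['line'],
        $error['message']
    ));
    main();
}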
?>