script that chops up ms proxy 2 logs! 1

[browolf]

i just wrote this script last week. it chops up ms proxy 2 logs into logs for individual users. it also discards lines referring to images.

b4 u start u have to add the log file names (except the current one) to a files.log
i have my proxy2 doing 1 log file / week which ends up about 120MB

ideally it would be automated but i wasnt sure at the time how to create a filelist to process in date order and not containing the newest.


this code is provided as is. in that it works for me (appears too ;-) )

===========================================
'section to make new log file without lines starting with "-" or entries for jpgs or gifs
'syntax: cscript convert.vbs logfilename.log
'on error resume next
const forreading = 1, forwriting = 2, ForAppending = 8


function Getfiletype (instrg)
logarray = split(logstr,",&quot
clever = split(logarray(18),".&quot
var = lcase(clever(ubound(clever)))
if VarType(var) <> &quot;8&quot; then var=&quot;xxx&quot; end if
getfiletype = var
end function



'need to go thru existing log files.
'made file list by doing c:\>dir *. /b | sort >> files.log
'read text file
'==================================================
Set xfso = CreateObject(&quot;Scripting.FileSystemObject&quot
Set xts = xfspenTextFile(&quot;files.log&quot;, Forreading)

Do While xts.AtEndOfStream <> True

logname = xts.readline
'=====================================================



dim logname,fso,ts
'logname = wscript.arguments(0)
newlog = logname & &quot;_new&quot;
flufflog= logname & &quot;_fluff&quot;

Set fso = CreateObject(&quot;Scripting.FileSystemObject&quot
if fso.fileexists(logname) then
Set ts = fspenTextFile(logname, Forreading)
if fso.fileexists(newlog) then fso.deletefile(newlog) end if
if fso.fileexists(flufflog) then fso.deletefile(flufflog) end if
set newts = fso.CreateTextFile(newlog, True)
set fluffts = fso.CreateTextFile(flufflog, True)
wscript.echo &quot;Processing: &quot; & logname


Do While ts.AtEndOfStream <> True

logstr = ts.readline

'get file type
filetype = GetFileType(logstr)
if instr(&quot;gif,jpg&quot;,filetype) then
else
if left(logstr,1) = &quot;-&quot; then
fluffts.writeline(logstr)
else
newts.writeline(logstr)
end if
end if
Loop

ts.close
newts.close
fluffts.close
set ts = nothing
set fso =nothing
set newts = nothing
set fluffts = nothing


'need to open newlog and filter out into individual user files
'the main question is how much information to store.
'item(0) ipaddress
'item(4) date
'item(5) time
'item(19) url

'open file

Set fs2 = CreateObject(&quot;Scripting.FileSystemObject&quot
Set ts2 = fs2.OpenTextFile(newlog, ForReading)

Do While ts2.AtEndOfStream <> True



fullnewlogline = ts2.readline
'extract username from log line
newlogline = split(fullnewlogline,&quot;,&quot
if lcase(newlogline(1)) = &quot;anonymous&quot; then
username = &quot;anonymous&quot;
else
domainuser = split(newlogline(1),&quot;\&quot
username = lcase(domainuser(ubound(domainuser)))
end if
'check if file for that user exists and if not create one
'wscript.echo username

if not fs2.fileexists(&quot;evidence\&quot; & username & &quot;.log&quot then
Set MyFile = fs2.CreateTextFile(&quot;evidence\&quot; & username & &quot;.log&quot;, True)
else
Set Myfile = fs2.OpenTextFile(&quot;evidence\&quot; & username & &quot;.log&quot;, ForAppending, True)
end if

if not instr(newlogline(18),&quot;

http://www.lancsngfl.ac.uk&quot;)

or not instr(newlogline(18),&quot;.css&quot or not instr(newlogline(18),&quot;.js&quot then

'write line
myfile.writeline newlogline(4) & &quot;,&quot; & newlogline(5) & &quot;,&quot; & newlogline(0) & &quot;,&quot; & newlogline(18)

end if

myfile.close

loop
ts2.close
set fs2 = nothing
set ts2 = nothing

else

wscript.echo &quot;file not found!&quot;

end if

'added this for going thru old files.
loop
===============
Security Forums

http://www.security-forums.com