########################################################################## # $Id: windows,v 1.1 2006/03/22 17:46:22 bjorn Exp $ ########################################################################## # $Log: windows,v $ # Revision 1.1 2006/03/22 17:46:22 bjorn # Initial commit. Files submitted by William Roumier. # ########################################################################## # This was written and is maintained by: # William Roumier <w.roumier@hotmail.fr> # # Please send all comments, suggestions, bug reports, # etc, to logwatch-devel@logwatch.org ########################################################################## use Logwatch ':all'; #$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my ($month,$day,$time,$host,$process,$conn,$msg); while (defined($ThisLine = <STDIN>)) { ($month,$day,$time,$host,$process,$conn,$msg)=split(/ +/,$ThisLine,7); if ($ThisLine =~ /0x18/ ) { $testline = $ThisLine; chomp $testline; @testfields = split(/ /,$testline); $name=$testfields[14]; $domain=$testfields[22]; $fip=$testfields[33]; #print "DEBUG name=" . $name . "domain =" . $domain . "ip =" . $fip . "\n"; $LoginFail{$domain}{$name}{$fip}++; } else { # will code this later } } if (keys %LoginFail) { print "\n\tWindows failed Logins:\n"; foreach $LDomain (keys %LoginFail) { print "\nDOMAIN: " . $LDomain . ":\n"; foreach $LName (keys %{$LoginFail{$LDomain}}) { print "\tName: " .$LName . "\n " ; foreach $LFip (keys %{$LoginFail{$LDomain}{$LName}}) { print "\t\tFrom :" .LookupIP($LFip)."\t ". $LoginFail{$LDomain}{$LName}{$LFip} . " Time(s)\n"; } print "\n";} } } exit(0);