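#!/usr/bin/perl
# iptables log trimming script.
#
# Reads the raw iptables log, reduces every "iptables" line to
#   <date> <time> <host> <proto> <dport> <src-ip> <ptr-name>
# in an intermediate file, diffs that against the trimmed log that is kept
# between runs, and appends the lines that are new.
#
# NOTE(review): the listing this was rebuilt from had lost `<IN>` in both
# `while` loops and the `open` of the diff file (they look like HTML tags and
# were stripped); `while(){` can never read anything. The third pass is
# restored from the surrounding comments: read diff.txt, append to the
# trimmed log. Verify against the original file if it is still available.
use strict;
use warnings;
use Socket;
use Text::Diff;   # CPAN, not core; the original already depended on it

# Raw kernel/iptables log that is parsed.
my $RAW_LOG = '/var/log/iptables.log';

# Trimmed log accumulated across runs. This is a different file from
# $RAW_LOG; both paths are as given in the original.
my $TRIMMED_LOG = '/var/log/iptables/iptables.log';

# Scratch files in the current directory. The (misspelled) names are kept
# for compatibility with anything that reads them. They are recreated with
# fixed names on every run, so run this from a directory that only the
# invoking user can write to.
my $INTERMEDIATE = 'intermadiate.txt';
my $DIFF_FILE    = 'diff.txt';

# Log tokens of interest ("KEY=value") and the output column each feeds.
my %field_of = (SRC => 'ip', PROTO => 'prot', DPT => 'port');

# Cache of reverse lookups for this run: each lookup blocks, and a single
# scanning source typically produces many log lines.
my %host_of;

# Returns the PTR name for a dotted-quad IPv4 address, or '' when the
# address is missing/malformed or has no PTR record.
# The name comes from DNS zones controlled by the remote side, so anything
# outside printable ASCII is dropped before it is written into the log.
sub reverse_lookup {
    my ($ip) = @_;
    return '' unless defined $ip;
    return $host_of{$ip} if exists $host_of{$ip};

    my $host = '';
    # Check the syntax first: inet_aton() would resolve a non-numeric
    # string as a hostname, which is not wanted here.
    if ($ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
        my $packed = inet_aton($ip);
        if (defined $packed) {
            $host = gethostbyaddr($packed, AF_INET) // '';
            $host =~ s/[^\x20-\x7e]//g;
        }
    }
    return $host_of{$ip} = $host;
}

# Extracts PROTO=, DPT= and SRC= from the space-separated tokens of one
# iptables line. Only tokens 3..22 are inspected, as in the original.
# Returns (proto, dport, src); a missing field yields '' so the output
# columns stay aligned (ICMP lines have no DPT=).
sub parse_fields {
    my (@tok) = @_;
    my %val;
    my $last = $#tok < 22 ? $#tok : 22;
    for my $i (3 .. $last) {
        last if keys %val == 3;
        next unless defined $tok[$i];
        if ($tok[$i] =~ /\A(SRC|PROTO|DPT)=(.*)\z/) {
            $val{ $field_of{$1} } //= $2;   # first occurrence wins
        }
    }
    return map { $val{$_} // '' } qw(prot port ip);
}

# Start from a clean slate; a stale scratch file must not leak into the diff.
unlink $INTERMEDIATE, $DIFF_FILE;

# Pass 1: trim the raw log into the intermediate file.
open my $in,  '<', $RAW_LOG      or die "open $RAW_LOG: $!";
open my $out, '>', $INTERMEDIATE or die "open $INTERMEDIATE: $!";
while (my $line = <$in>) {
    next unless $line =~ /iptables/;
    chomp $line;   # otherwise a trailing field would carry the newline
    my @tok = split / /, $line;
    my ($prot, $port, $ip) = parse_fields(@tok);
    my $host = reverse_lookup($ip);
    my @stamp = map { $_ // '' } @tok[0 .. 2];
    print {$out} join(' ', @stamp, $prot, $port, $ip, $host), "\n";
}
close $in;
close $out or die "close $INTERMEDIATE: $!";

# Make sure the trimmed log exists so the first run does not fail inside
# Text::Diff; append mode creates it without touching existing content.
open my $touch, '>>', $TRIMMED_LOG or die "open $TRIMMED_LOG: $!";
close $touch;

# Pass 2: lines present in the new trimmed output but not yet in the
# trimmed log appear as '+' lines of the diff.
open my $diff_out, '>', $DIFF_FILE or die "open $DIFF_FILE: $!";
print {$diff_out} diff($TRIMMED_LOG, $INTERMEDIATE, { Unified => 0 });
close $diff_out or die "close $DIFF_FILE: $!";

# Pass 3: append the added lines, minus the leading '+', to the trimmed log.
# Only a '+' in column 0 marks an added line; stripping every '+' in the
# line (as the original did) would corrupt content containing one.
open my $diff_in, '<',  $DIFF_FILE   or die "open $DIFF_FILE: $!";
open my $log,     '>>', $TRIMMED_LOG or die "open $TRIMMED_LOG: $!";
while (my $line = <$diff_in>) {
    next if $line =~ /\A(?:---|\+\+\+|\@\@)/;   # diff header lines
    next unless $line =~ s/\A\+//;
    print {$log} $line;
}
close $diff_in;
close $log or die "close $TRIMMED_LOG: $!";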