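#!/usr/bin/env bash
#
# This script takes data from recordConcatinate and creates the raw gnuplot data
# files. The input is firewall log text and is treated as untrusted content: it
# only ever flows through the filter pipeline below and is never used as a path,
# a pattern or a format string. The single argument does become part of a path
# inside DATA_DIRECT, so it is validated to be a bare file name first.
#
# usage: tcpDigestDeny datafile
#
#   datafile - name of a file in DATA_DIRECT (no directory component).
#              The result is written to DATA_DIRECT/datafile.out (overwritten).
#
# Exit status: 0 on success, 2 on bad usage or an unreadable input file,
#              non-zero if a processing step fails.
#
# Run this as a non-privileged user that owns DATA_DIRECT: the script creates
# and removes files there.

set -eu
# pipefail is deliberately not set: grep -v exits 1 when it filters out every
# line, which is a legitimate (empty) result for this pipeline, not an error.
# The one pipeline whose status matters is checked explicitly below.

# location of data directory
readonly DATA_DIRECT="/var/log/firewall_log/sfo/graphing"
# archive directory; kept from the original script but not used below
# shellcheck disable=SC2034
readonly ARCH_DIRECT="/var/log/firewall_log/sfo/graphing"

#######################################
# Print a message to stderr and exit with the usage/precondition status 2.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 2
}

FILENAME=${1:-}
# The argument is joined to DATA_DIRECT to form paths, so it must be a plain
# file name: non-empty, containing no '/' (no directory traversal out of
# DATA_DIRECT) and not dot-prefixed.
[[ -n "$FILENAME" ]] || die "usage: ${0##*/} datafile"
[[ "$FILENAME" != */* && "$FILENAME" != .* ]] \
  || die "datafile must be a bare file name inside $DATA_DIRECT: $FILENAME"
readonly INPUT="$DATA_DIRECT/$FILENAME"
readonly OUTPUT="$DATA_DIRECT/$FILENAME.out"
[[ -r "$INPUT" ]] || die "cannot read $INPUT"

# Scratch file: mktemp creates an unpredictably named file exclusively, which
# closes the race that the fixed "$FILENAME.tmp" name left open. The trap
# removes it on every exit path (success, error, signal), so no stale temp
# file has to be cleaned up at the next start.
TMPFILE=$(mktemp "$DATA_DIRECT/$FILENAME.XXXXXX") \
  || die "mktemp failed in $DATA_DIRECT"
readonly TMPFILE
cleanup() { rm -f -- "$TMPFILE"; }
trap cleanup EXIT

#
# tcp file manipulation begins here
#
# Stage 1:
#  - remove DNS and "WWW R" entries (they would swamp the data)
#  - replace known service names with their numeric TCP port; the 'g' flag
#    replaces every occurrence on a line (the original ran several of these
#    substitutions twice to the same effect) - log records are assumed to
#    carry one service token each, confirm against the log format
#  - extract the date ($10) and destination port ($15) fields
#  - clean up the timestamp: drop the 6-digit sub-second part, turn the first
#    ':' into a '.', then (optional) drop the seconds so the data stays
#    interesting; finally strip the "D=" prefix
#  - drop any line still containing letters, which should not be there anyway
rc=0
grep -v -e DNS -e 'WWW R' -- "$INPUT" \
  | sed \
      -e 's/PRINTER ./TCP D=515/g' \
      -e 's/TELNET ./TCP D=23/g' \
      -e 's/FTP ./TCP D=21/g' \
      -e 's/SMTP ./TCP D=25/g' \
      -e 's/AUTH ./TCP D=113/g' \
      -e 's/WWW ./TCP D=80/g' \
  | awk '{ print $10 " " $15 }' \
  | sed \
      -e 's/\.[0-9]\{6\}//' \
      -e 's/:/\./' \
      -e 's/:[0-9]\{2\}//' \
      -e 's/D=//' \
  | grep -E -v '[a-zA-Z]' > "$TMPFILE" || rc=$?
# grep's own status is that of the pipeline: 1 means "nothing left" (fine),
# anything higher is a real error.
(( rc <= 1 )) || die "filtering $INPUT failed (exit status $rc)"

# Stage 2: we should have clean data now. Count identical (date, port) pairs
# and rearrange the columns so the count is in the last column. LC_ALL=C makes
# the sort byte-wise and reproducible; the data is digits, dots and spaces only.
LC_ALL=C sort -- "$TMPFILE" \
  | uniq -c \
  | awk '{ print $2 " " $3 " " $1 }' > "$OUTPUT"

# The EXIT trap removes the temp file; nothing else to clean up here.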