#!/bin/sh
#
# /usr/local/sbin/localshowuserfromip
# Copyright 2007 Jonas Smedegaard <dr@jones.dk>
#
# $Id: localshowuserfromip,v 1.3 2007-11-14 13:31:37 jonas Exp $
#
# List recent identifiable users from some IP address
#

input="${input:-user}"
output="${output:-shortline}"
logfilecount="${logfilecount:-1}"
pattern="${pattern:-user_dovecot}"

sed_longline='s/^\(.\{15\}\) [^:]*: /\1 /'
sed_time='s/^\(.\{15\}\) .*$/\1 /'

case $pattern in
    user_dovecot)
	# Dovecot "deliver"
	egrep_before='dovecot: .*: Login: .*, rip=('
	egrep_after='), lip='
	sed_shortline='s/^\(.\{15\}\) [^:]*: \([^-]*\)-login: Login: user=</\1 (\2) /;s/>, .*$//'
	sed_username='s/^.* user=<//;s/>, .*$//'
	;;
    *)
	echo >&2 "ERROR: unknwon pattern \"$pattern\""
	exit 1
	;;
esac

case $output in
    shortline)
	sedstring="$sed_shortline"
	;;
    longline)
	sedstring="$sed_longline"
	;;
    username)
	sedstring="$sed_msgid"
	;;
    *)
	echo >&2 "ERROR: unknwon output \"$output\""
	exit 1
	;;
esac

ip="$1"

find /var/log -name 'syslog*' | sort -nr -t. -k3 | tail -n "$logfilecount" | xargs zcat -f \
	| egrep -- "$egrep_before$ip$egrep_after" \
	| sed "$sedstring"