path: root/localshowuserfromip

#!/bin/sh
#
# /usr/local/sbin/localshowuserfromip
# Copyright 2007 Jonas Smedegaard <dr@jones.dk>
#
# $Id: localshowuserfromip,v 1.1 2007-11-14 13:23:55 jonas Exp $
#
# List recent identifiable users from some IP address
#

input="${input:-user}"
output="${output:-shortline}"
logfilecount="${logfilecount:-1}"
pattern="${pattern:-user_dovecot}"

sed_longline='s/^\(.\{15\}\) [^:]*: /\1 /'
sed_time='s/^\(.\{15\}\) .*$/\1 /'

case $pattern in
    user_dovecot)
    # Dovecot "deliver"
    egrep_before=', rip=('
    egrep_after='), lip='
    sed_shortline='s/^\(.\{15\}\) [^:]*: [^-]*-login: Login: user=</\1/;s/>, method=[^,]*, rip=/ /;s/, lip=.*$//'
    sed_username='s/^.* user=<//;s/>, .*$//'
    ;;
    *)
    echo >&2 "ERROR: unknwon pattern \"$pattern\""
    exit 1
    ;;
esac

case $output in
    shortline)
    sedstring="$sed_shortline"
    ;;
    longline)
    sedstring="$sed_longline"
    ;;
    username)
    sedstring="$sed_msgid"
    ;;
    *)
    echo >&2 "ERROR: unknwon output \"$output\""
    exit 1
    ;;
esac

ip="$1"

find /var/log -name 'syslog*' | sort -nr -t. -k3 | tail -n "$logfilecount" | xargs zcat -f \
    | egrep -- "$egrep_before$ip$egrep_after" \
    | sed "$sedstring"