[Conky] Problems with Perl script and how conky prints output of that script.
by ////// from LinuxQuestions.org on (#6HX70)
I have a Perl script that parses Suricata fast.log files and it works just fine when run in a terminal...
Code:
192.168.50.1 ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
136.243.170.167 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
88.198.28.209 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
88.99.71.227 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
23.88.75.111 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
5.9.141.126 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
162.55.240.243 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
8.8.8.8 ET DNS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) - possible Cache Poisoning Attempt [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP}
216.58.210.163 ET SCAN NMAP -sA (1) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP}
157.240.205.11 TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP}
157.240.205.35 TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP}
151.101.1.229 TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP}
138.201.178.194 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
178.217.129.238 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
95.216.41.173 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
151.101.2.133 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
151.101.246.133 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
151.101.194.133 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
178.255.231.116 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
151.101.244.193 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
138.68.203.227 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
35.223.193.241 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
130.211.23.194 ET SCAN NMAP -sA (1) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP}
151.101.245.229 TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP}
91.228.74.159 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
204.68.111.105 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
62.210.136.153 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
23.88.75.112 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
5.9.141.252 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
136.243.70.185 ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
151.101.65.26 TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP}
... but the script's output is messed up when run in conky. I added a screenshot as an attachment that shows what it looks like.
PHP Code:
#!/usr/bin/perl
use strict;
#use warnings;
use Socket;
use Term::ANSIColor qw(:constants); # for colorful output
use vars qw(%seen @non_duplicates5 @non_duplicates3 @strings @list3 @list5 @strings $info3 $info5 $ip3 $ip5 $item1 $item2 $alert $key $ipaddresses3 $ipaddresses5 $ip_to_host $hostname $priority $length3 $length5 $padding3 $padding5);
open(LOGS, "</var/log/suricata/fast.log") or die "Couldn't open file /var/log/suricata/fast.log, $!";
while (@strings = <LOGS>) {
    foreach $alert (@strings) {
        chomp $alert;
        # /x ignores bare whitespace, so literal spaces are written as "\ ".
        # $2 = alert text, $3 = source IP, $5 = destination IP.
        if ($alert =~ /[a-z]{8}\:\ [1,2]{1}/ix && $alert =~ /(\[\*\*\]\s[\[0-9\:0-9\:0-9\]]+)(.*)\ ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(\:[0-9]{1,6}\ \-\>\ )([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\:[0-9]{1,6}$/ix) {
            # alert sent to this host: list the source address
            if ($5 eq "192.168.50.174") {
                push(@list3, ($3));
                $info3 = $2;
                $ip3 = $3;
                @non_duplicates3 = uniq(@list3);
                foreach $ipaddresses3 (@non_duplicates3) {
                    $length3 = length($ipaddresses3);
                    if ($length3 eq "7") { $padding3 eq print " " x 9; }
                    if ($length3 eq "8") { $padding3 eq print " " x 8; }
                    if ($length3 eq "9") { $padding3 eq print " " x 7; }
                    if ($length3 eq "10") { $padding3 eq print " " x 6; }
                    if ($length3 eq "11") { $padding3 eq print " " x 5; }
                    if ($length3 eq "12") { $padding3 eq print " " x 4; }
                    if ($length3 eq "13") { $padding3 eq print " " x 3; }
                    if ($length3 eq "14") { $padding3 eq print " " x 2; }
                    if ($length3 eq "15") { $padding3 eq print " " x 1; }
                    print "$ipaddresses3", "$padding3", "$info3\n";
                    #gethostname($ipaddresses3);
                }
            }
            if ($alert =~ /[a-z]{8}\:\ [1,2]{1}/ix && $alert =~ /(\[\*\*\]\s[\[0-9\:0-9\:0-9\]]+)(.*)\ ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(\:[0-9]{1,6}\ \-\>\ )([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\:[0-9]{1,6}$/ix) {
                # alert sent from this host: list the destination address
                if ($3 eq "192.168.50.174") {
                    push(@list5, ($5));
                    $info5 = $2;
                    $ip5 = $5;
                    @non_duplicates5 = uniq(@list5);
                    foreach $ipaddresses5 (@non_duplicates5) {
                        $length5 = length($ipaddresses5);
                        if ($length5 eq "7") { $padding5 eq print " " x 9; }
                        if ($length5 eq "8") { $padding5 eq print " " x 8; }
                        if ($length5 eq "9") { $padding5 eq print " " x 7; }
                        if ($length5 eq "10") { $padding5 eq print " " x 6; }
                        if ($length5 eq "11") { $padding5 eq print " " x 5; }
                        if ($length5 eq "12") { $padding5 eq print " " x 4; }
                        if ($length5 eq "13") { $padding5 eq print " " x 3; }
                        if ($length5 eq "14") { $padding5 eq print " " x 2; }
                        if ($length5 eq "15") { $padding5 eq print " " x 1; }
                        print "$ipaddresses5", "$padding5", "$info5\n";
                        #gethostname($ipaddresses5);
                    }
                }
            }
        }
    }
}
close LOGS;
exit 0;
sub uniq { %seen; grep !$seen{$_}++, @_ }
Anyone with a clue how to get conky to print it "neatly"?
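An added example, not part of the original post: the same fast.log filtering written with one commented regex and `sprintf '%-15s'` in place of the per-length padding checks, so the alert text of every row starts in the same column. It assumes conky renders with a monospace font and runs the script through `${execi}`; the sub names are hypothetical and the log lines under `__DATA__` are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $LOCAL = '192.168.50.174';    # monitored host, as in the post

# fast.log: time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n]
#           {PROTO} src:port -> dst:port   (ICMP shows type/code as ports)
my $LINE = qr/
    \[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?<msg>.*?)\s+\[\*\*\]\s+
    \[Classification:\s*(?<class>[^\]]*)\]\s+\[Priority:\s*(?<prio>\d+)\]\s+
    \{(?<proto>[^}]+)\}\s+
    (?<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+
    (?<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*$
/x;

# Return a hash ref of the named fields, or undef for a line that is not an alert.
sub parse_alert {
    my ($line) = @_;
    return $line =~ $LINE ? +{ %+ } : undef;
}

# One formatted row per distinct (peer, message) pair involving $local.
sub rows_for {
    my ($local, $max_prio, @lines) = @_;
    my (%seen, @rows);
    for my $line (@lines) {
        my $alert = parse_alert($line) or next;
        next if $alert->{prio} > $max_prio;
        my $peer;
        if    ($alert->{dst} eq $local) { $peer = $alert->{src} }
        elsif ($alert->{src} eq $local) { $peer = $alert->{dst} }
        else                            { next }
        next if $seen{"$peer\0$alert->{msg}"}++;
        # %-15s pads every IPv4 address to the width of the longest possible one
        push @rows, sprintf '%-15s  P%d  %-4s  %s',
            $peer, $alert->{prio}, $alert->{proto}, $alert->{msg};
    }
    return @rows;
}

print "$_\n" for rows_for($LOCAL, 2, <DATA>);

# Everything below is constructed sample input, not taken from a real log.
__DATA__
01/02/2024-10:00:01.000001  [**] [1:1000001:1] ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 203.0.113.7:443 -> 192.168.50.174:51514
01/02/2024-10:00:02.000001  [**] [1:1000001:1] ET POLICY Lets Encrypt Free SSL Cert Observed [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 203.0.113.7:443 -> 192.168.50.174:51520
01/02/2024-10:00:03.000001  [**] [1:1000002:1] TGI HUNT non-DiffServ aware TOS setting [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 192.168.50.174:8 -> 198.51.100.23:0
01/02/2024-10:00:04.000001  [**] [1:1000003:1] ET SCAN NMAP -sA (1) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.200:80 -> 192.168.50.9:40000
```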