Skip to content

Instantly share code, notes, and snippets.

@rorysavage77
Created March 31, 2015 18:34
Show Gist options
  • Save rorysavage77/b5954e00090eec85cfdc to your computer and use it in GitHub Desktop.
Save rorysavage77/b5954e00090eec85cfdc to your computer and use it in GitHub Desktop.
#!/bin/ruby
##################################################################
## modruby - a tools for parsing the modsecurity audit logs and ##
## taking action. ##
##################################################################
$modSecurityLog="./logs/modsec_audit.log"
$securityString1="POST /activfoundation/login/oauth/facebook/callback"
$securityString2="HTTP/1.1 400 Bad Request"
$count=0
$/ = "-Z--\n"; ## Input Record Seperator to create chunk
file = File.open("./logs/modsec_audit.log", "r")
file.each_line do |chunk|
if chunk.include?("#{$securityString1}")
$count += 1
puts "######################################################"
puts "Entry found for search String (#{$securityString1})"
puts "######################################################"
$/ = "\n";
chunk.each_line do |line|
if line =~ /CF-Connecting-IP: (\d+.\d+.\d+.\d+)/
cfConntingIp = line.split("CF-Connecting-IP: ", 2)
puts cfConntingIp
end
end
#print chunk
end
end
file.close
puts "Count: #{$count}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment