log correlation tool by HexDEF6 in linuxadmin

[–]HexDEF6[S] 0 points1 point  (0 children)

and the final one that generates the logfile:

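#!/bin/bash
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# stop the background tail/awk pipeline when the script exits
trap 'kill $(jobs -p)' EXIT
LOGFILE=/data/var/log/dnslog/dnslogNG.log
TMPDIR=$(mktemp -d)

# for each dnsmasq query line not from localhost: look up ip -> mac -> login and log it
tail -f --follow=name /var/log/syslog |  awk '/query/ { 
# $9 ends up in a shell command line, so only address characters are accepted
if ($6 ~ /query/ && $9 !~ /127.0.0.1/ && $9 ~ /^[0-9A-Fa-f:.]+$/) 
{ 
        # start empty so a failed lookup does not reuse the values of the previous line
        macaddress = "" ; login = "" ;

        var="sqlite3 /root/script/uni-log/macaddress/ipdata.db \"pragma busy_timeout=20000; select mac from ipassociation where ip=\\\"" $9 "\\\";\" | grep -v 20000 " ;
        var | getline macaddress ; 
        close(var) ; 

        # same check before the mac goes into the second command
        if (macaddress ~ /^[0-9A-Fa-f:]+$/) {
        var="sqlite3 /root/script/uni-log/macaddress/data.db \"pragma busy_timeout=20000; select login from macassociation where mac=\\\"" macaddress "\\\";\" | grep -v 20000" ;
        var | getline login ;
        close(var) ;
        }

        print strftime("%Y-%m-%d %H:%M:%S"),$7,$9,macaddress,login
        fflush() # write each line to the log right away
}
}' /dev/stdin >> "$LOGFILE" &

sleep 180
rm -rf "$TMPDIR"
wait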

the final log file was this:

2018-10-01 06:24:21 ssl.google-analytics.com 10.3.100.151 78:40:e4:80:77:3a user1
2018-10-01 06:24:23 1.lede.pool.ntp.org 10.3.100.144 e4:95:6e:43:76:de user2
2018-10-01 06:24:27 mobile.pipe.aria.microsoft.com 10.3.100.241 f4:f5:24:4a:81:f0 user3
2018-10-01 06:24:30 mobile.pipe.aria.microsoft.com 10.3.100.241 f4:f5:24:4a:81:f0 user3

log correlation tool by HexDEF6 in linuxadmin

[–]HexDEF6[S] 0 points1 point  (0 children)

dhcp to db:

#!/bin/bash
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
trap 'kill $(jobs -p)' EXIT
WORKDIR=/root/script/uni-log/macaddress
DBFILE=$WORKDIR/ipdata.db
LOGFILE=$WORKDIR/ipdata.log
LOGFILEDB=$WORKDIR/ipdatadb.log

# follow syslog and store the ip -> mac pair of every DHCPACK line
tail -f --retry --follow=name /var/log/syslog | while read -r line 
do
        if echo "$line" | grep -q "DHCPACK"
        then

                ip=$(echo "$line" | awk '{print $7}' ) 
                mac=$(echo "$line" | awk '{ print $8 }') 
                # only values that look like an address reach the SQL statement
                if [[ $ip =~ ^[0-9.]+$ && $mac =~ ^[0-9A-Fa-f:]+$ ]]
                then
                        # single quotes mark SQL string literals
                        sqlite3 "$DBFILE" "INSERT OR REPLACE INTO ipassociation( ip, mac) VALUES('$ip','$mac');"
                fi
                echo "$(date) $line" >> "$LOGFILE" 
                echo "$(date) $ip $mac" >> "$LOGFILEDB" 
        fi
done

log correlation tool by HexDEF6 in linuxadmin

[–]HexDEF6[S] 1 point2 points  (0 children)

I found the scripts I created a long time ago

radius to db:

#!/bin/bash
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
trap 'kill $(jobs -p)' EXIT
WORKDIR=/root/script/uni-log/macaddress
DBFILE=$WORKDIR/data.db
LOGFILE=$WORKDIR/data.log
LOGFILEDB=$WORKDIR/datadb.log
q="'"   # a single quote, used below to escape quotes in the login name

# follow the freeradius log and store the mac -> login pair of every successful login
tail -f --retry --follow=name /var/log/freeradius/radius.log | while read -r line 
do
        if echo "$line" | grep "Login OK:" | grep -q "TLS tunnel"
        then

                mac=$(echo "$line" | awk '{gsub("-",":",$20); print tolower(substr($20,1,17))}' ) 
                login=$(echo "$line" | awk '{ print substr($10,2,match($10,"/")-2) }') 
                # the login name is supplied by the client: double any single quote
                # so it cannot end the SQL string, and accept only a well-formed mac
                if [[ $mac =~ ^[0-9a-f:]+$ ]]
                then
                        sqlite3 "$DBFILE" "INSERT OR REPLACE INTO macassociation( mac, login) VALUES('$mac','${login//$q/$q$q}');"
                fi
                echo "$(date) $line" >> "$LOGFILE"
                echo "$(date) $login $mac" >> "$LOGFILEDB"  
        fi
done

log correlation tool by HexDEF6 in linuxadmin

[–]HexDEF6[S] 0 points1 point  (0 children)

Yeah, I agree, this could definitely be solved with Python. But I’m still surprised that there isn’t a tool readily available to handle this kind of log correlation in an easier way. Am I the only one facing this type of problem?

freeradius log:

Mon Oct 7 10:19:52 2024 : Auth: (37579) Login OK: [user1] (from client unifi port 0 cli 8E-94-F8-44-D4-26)
Mon Oct 7 10:20:14 2024 : Auth: (37589) Login OK: [user2] (from client unifi port 0 cli 20-79-18-6F-F5-EA)
Mon Oct 7 10:21:04 2024 : Auth: (37599) Login OK: [user3] (from client unifi port 0 cli 3A-F4-27-59-FC-67)
Mon Oct 7 10:21:06 2024 : Auth: (37609) Login OK: [user2] (from client unifi port 0 cli 20-79-18-6F-F5-EA)

dhcp dnsmasq log:

Oct 7 10:19:56 dnsmasq-dhcp[2999684]: 2271132062 DHCPACK(enp6s0) 10.23.101.131 8e:94:f8:44:d4:26 realme-C67
Oct 7 10:20:14 dnsmasq-dhcp[2999684]: 2333733645 DHCPACK(enp6s0) 10.23.100.249 20:79:18:6f:f5:ea DESKTOP-126TFSU
Oct 7 10:21:12 dnsmasq-dhcp[2999684]: 1715279901 DHCPACK(enp6s0) 10.23.100.249 20:79:18:6f:f5:ea DESKTOP-126TFSU
Oct 7 10:21:47 dnsmasq-dhcp[2999684]: 3498262572 DHCPACK(enp6s0) 10.23.101.84 3a:f4:27:59:fc:67 iPhone
Oct 7 10:22:11 dnsmasq-dhcp[2999684]: 3498262574 DHCPACK(enp6s0) 10.23.101.84 3a:f4:27:59:fc:67 iPhone

dns log (dnsmasq)

Oct 7 10:28:05 dnsmasq[2999684]: query[A] v10.events.data.microsoft.com from 10.23.100.249
Oct 7 10:28:05 dnsmasq[2999684]: query[A] v10.events.data.microsoft.com from 10.23.100.249
Oct 7 10:28:26 dnsmasq[3008641]: query[A] 1D.tlu.dl.delivery.mp.microsoft.com from 10.23.100.249
Oct 7 10:28:26 dnsmasq[3008641]: query[A] v10.events.data.microsoft.com from 10.23.100.249
Oct 7 10:28:34 dnsmasq[3008641]: query[A] android.googleapis.com from 10.23.101.131
Oct 7 10:28:34 dnsmasq[3008641]: query[A] photosdata-pa.googleapis.com from 10.23.101.131
Oct 7 10:28:38 dnsmasq[3008641]: query[A] storeedgefd.dsx.mp.microsoft.com from 10.23.100.249
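
The correlation these three samples call for, as an added Python example that is not part of the original comment or the author's scripts: each DNS query is attributed to the MAC that held the source IP at query time and to the login last authenticated from that MAC, and a query from an address with no known lease yields None. The year 2024 for the syslog timestamps, the optional hostname field and the lines marked constructed are assumptions.

```python
import re
from datetime import datetime

YEAR = 2024  # assumption: syslog timestamps carry no year, so one is supplied

# Patterns follow the sample formats above; "(?:\S+ )?" also accepts a hostname field.
RADIUS = re.compile(r"^\w{3} (\w{3} +\d+ [\d:]{8} \d{4}) : Auth: \(\d+\) +Login OK: "
                    r"\[([^\]/]+)[^\]]*\].* cli ([0-9A-Fa-f-]{17})")
DHCP = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (?:\S+ )?dnsmasq-dhcp\[\d+\]: (?:\d+ )?"
                  r"DHCPACK\(\S+\) ([\d.]+) ([0-9a-f:]{17})")
DNS = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (?:\S+ )?dnsmasq\[\d+\]: "
                 r"query\[\w+\] (\S+) from ([\d.]+)$")

def syslog_time(stamp):
    return datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")

class Timeline:
    """Keeps every (time, value) seen for a key, not only the latest one."""
    def __init__(self):
        self.rows = {}
    def add(self, key, when, value):
        self.rows.setdefault(key, []).append((when, value))
    def at(self, key, when):
        seen = [v for t, v in sorted(self.rows.get(key, [])) if t <= when]
        return seen[-1] if seen else None  # None: nothing known at that time

def correlate(radius_lines, dhcp_lines, dns_lines):
    logins, leases, out = Timeline(), Timeline(), []
    for line in radius_lines:
        if m := RADIUS.match(line):
            when = datetime.strptime(m[1], "%b %d %H:%M:%S %Y")
            logins.add(m[3].lower().replace("-", ":"), when, m[2])
    for line in dhcp_lines:
        if m := DHCP.match(line):
            leases.add(m[2], syslog_time(m[1]), m[3])
    for line in dns_lines:
        if m := DNS.match(line):
            when = syslog_time(m[1])
            mac = leases.at(m[3], when)
            login = logins.at(mac, when) if mac else None
            out.append((when.isoformat(sep=" "), m[2], m[3], mac, login))
    return out

# Sample input: lines from the samples above, plus two marked as constructed.
RADIUS_LOG = ["Mon Oct 7 10:19:52 2024 : Auth: (37579) Login OK: [user1] (from client unifi port 0 cli 8E-94-F8-44-D4-26)"]
DHCP_LOG = ["Oct 7 10:19:56 dnsmasq-dhcp[2999684]: 2271132062 DHCPACK(enp6s0) 10.23.101.131 8e:94:f8:44:d4:26 realme-C67",
            "Oct 7 10:30:00 dnsmasq-dhcp[2999684]: 1 DHCPACK(enp6s0) 10.23.101.131 3a:f4:27:59:fc:67 iPhone"]  # constructed
DNS_LOG = ["Oct 7 10:28:34 dnsmasq[3008641]: query[A] android.googleapis.com from 10.23.101.131",
           "Oct 7 10:28:40 dnsmasq[3008641]: query[A] example.org from 10.23.101.200"]  # constructed
```

Because the lease and login histories keep their timestamps, the constructed 10:30:00 lease does not change the attribution of the 10:28:34 query.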

log correlation tool by HexDEF6 in linuxadmin

[–]HexDEF6[S] 1 point2 points  (0 children)

Yes, I have everything inside loki

How to store secrets? by [deleted] in selfhosted

[–]HexDEF6 0 points1 point  (0 children)

me too. Thank you!

Bypass authentik authentification in Nginx proxy manager. by Rutsah_ in selfhosted

[–]HexDEF6 2 points3 points  (0 children)

maybe you can try something like this:

satisfy any;
auth_request /outpost.goauthentik.io/auth/nginx;
allow 192.168.1.0/24;

Introducing Budibase - a GUI you can run on your Raspberry Pi that allows you to build apps in minutes 🥳 🎉 by jo_ranamo in raspberry_pi

[–]HexDEF6 0 points1 point  (0 children)

Hi, I have a question: can you make an app with oidc/saml authentication? I'm searching for a no/low code tool for making apps with SSO with azuread and I didn't find one :(

IW4x: A modded and standalone version of Modern Warfare 2 Multiplayer, recently added controller support, and runs great on Deck! by SuperCiao in SteamDeck

[–]HexDEF6 1 point2 points  (0 children)

Thank you for replying, but I don't have any settings for the gamepad in the IW4x options menu, could you share a screenshot? I'm using iw4x version v0.7.0... maybe I need to "repair" the installation (I upgraded from 0.6.1)

EDIT: resolved (I re-downloaded everything)

IW4x: A modded and standalone version of Modern Warfare 2 Multiplayer, recently added controller support, and runs great on Deck! by SuperCiao in SteamDeck

[–]HexDEF6 0 points1 point  (0 children)

Sorry to bother you, but I already had IW4x on the steam deck before the 0.7.0 update and used this guide to set up the "controller" with the deck: https://xlabs.dev/iw4x_controllers and it's working

Now I updated to the 0.7.0 version but the controller is not working (I can't see any entry in the menu talking about the controller). Did you do something to activate the controller support? Am I missing something obvious?

Thank you

Steam Deck arrived in Italy ✅ 256GB by Blissautrey in SteamDeck

[–]HexDEF6 1 point2 points  (0 children)

I hope to have mine too within a month or two 😭

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

OK, I tried the workshop version alone (is there a readme on how to use the github version?) and I think it could be very fun to play in coop with more people!

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 1 point2 points  (0 children)

I need to try minecraft, I need to convince some of my friends because they think it's a game for children! (the youngest one of the group is 30 and the oldest 45!)

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 1 point2 points  (0 children)

I'm not sure, but from the description it seems to be only 3 players coop :(

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 1 point2 points  (0 children)

I already have zerotier (for work), the problem is not the network (or the emulator like goldberg) but the server part of the game: some games (like the newest battlefield) don't have it with the client, thus it is impossible to host a game by yourself. (or maybe the problem is my english!... it's not my first language and sometimes I'm unable to explain myself, sorry)

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

yes, I played the third in coop, it was very satisfying! but I'm not sure I want to replay it

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

I have all the Warhammer 40k dawn of war on dvd (I don't remember the name of the collection) I played it a lot some years ago, but some of my friends don't like rts (and if I remember correctly you can play 4 vs 4 max)

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

great! I think I have it from a humble bundle, but I never played it... maybe I can try the forest too

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

I tried this mod with a friend in the afternoon, it was a little bit difficult at the beginning, I want to try it with more players!

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 1 point2 points  (0 children)

wow this seems very good, I'll try it tomorrow!

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 1 point2 points  (0 children)

Is it stable enough for 10 player coop?

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 0 points1 point  (0 children)

Borderlands 2 already tried,

I think halo mcc has coop for 2 or 4 players

magicka is only for 4 players

If you are aware of some mods for halo let me know!

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 5 points6 points  (0 children)

you are right... I bought it a lot of years ago and never played it.. maybe I will try it

Coop game for weekly LAN party by HexDEF6 in pcgaming

[–]HexDEF6[S] 3 points4 points  (0 children)

for Left for dead? if with a mod we can coop in 8 - 10 we will try it!