JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

timestamp

Browse source
This commit is contained in:
Sefinek 2024-12-25 16:43:24 +01:00
parent e872525221
commit 2d57e66b0f
1 changed files with 29 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
index.js
View file

@ -15,14 +15,16 @@ let fileOffset = 0;
const reportToAbuseIPDb = async (logData, categories, comment) => { const reportToAbuseIPDb = async (logData, categories, comment) => {
try { try {
const { data } = await axios.post('https://api.abuseipdb.com/api/v2/report', new URLSearchParams({ ip: logData.srcIp, categories, comment }), { const { data } = await axios.post('https://api.abuseipdb.com/api/v2/report', new URLSearchParams({
headers: { 'Key': ABUSEIPDB_API_KEY }, ip: logData.srcIp,
}); categories,
comment,
}), { headers: { 'Key': ABUSEIPDB_API_KEY } });
log(0, `Reported ${logData.srcIp} (${logData.dpt}/${logData.proto}); Categories ${categories}; Abuse: ${data.data.abuseConfidenceScore}%`); log(0, `Reported ${logData.srcIp} [${logData.dpt}/${logData.proto}]; ID: ${logData.id}; Categories ${categories}; Abuse: ${data.data.abuseConfidenceScore}%`);
return true; return true;
} catch (err) { } catch (err) {
log(2, `Failed to report ${logData.srcIp} (${logData.dpt}/${logData.proto}); ${err.message}\n${JSON.stringify(err.response.data?.errors || err.response.data)}`); log(2, `Failed to report ${logData.srcIp} [${logData.dpt}/${logData.proto}]; ID: ${logData.id}; ${err.message}\n${JSON.stringify(err.response.data?.errors || err.response.data)}`);
return false; return false;
} }
}; };
@ -30,25 +32,29 @@ const reportToAbuseIPDb = async (logData, categories, comment) => {
const processLogLine = async line => { const processLogLine = async line => {
if (!line.includes('[UFW BLOCK]')) return log(1, `Ignoring line: ${line}`); if (!line.includes('[UFW BLOCK]')) return log(1, `Ignoring line: ${line}`);
const oldTime = line.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:[+-]\d{2}:\d{2})?/)?.[0];
const timestampMatch = line.match(/\[(\d+\.\d+)\]/);
const newTime = timestampMatch ? parseFloat(timestampMatch[1]) : null;
const logData = { const logData = {
timestamp: line.match(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:[+-]\d{2}:\d{2})?/)?.[0] || null, timestampOld: oldTime || null,
In: line.match(/IN=([\d.]+)/)?.[1] || null, timestampNew: newTime || null,
Out: line.match(/OUT=([\d.]+)/)?.[1] || null, In: line.match(/IN=([\d.]+)/)?.[1] || null,
srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null, Out: line.match(/OUT=([\d.]+)/)?.[1] || null,
dstIp: line.match(/DST=([\d.]+)/)?.[1] || null, srcIp: line.match(/SRC=([\d.]+)/)?.[1] || null,
res: line.match(/RES=(\S+)/)?.[1] || null, dstIp: line.match(/DST=([\d.]+)/)?.[1] || null,
tos: line.match(/TOS=(\S+)/)?.[1] || null, res: line.match(/RES=(\S+)/)?.[1] || null,
prec: line.match(/PREC=(\S+)/)?.[1] || null, tos: line.match(/TOS=(\S+)/)?.[1] || null,
ttl: line.match(/TTL=(\d+)/)?.[1] || null, prec: line.match(/PREC=(\S+)/)?.[1] || null,
id: line.match(/ID=(\d+)/)?.[1] || null, ttl: line.match(/TTL=(\d+)/)?.[1] || null,
proto: line.match(/PROTO=(\S+)/)?.[1] || null, id: line.match(/ID=(\d+)/)?.[1] || null,
spt: line.match(/SPT=(\d+)/)?.[1] || null, proto: line.match(/PROTO=(\S+)/)?.[1] || null,
dpt: line.match(/DPT=(\d+)/)?.[1] || null, spt: line.match(/SPT=(\d+)/)?.[1] || null,
len: line.match(/LEN=(\d+)/)?.[1] || null, dpt: line.match(/DPT=(\d+)/)?.[1] || null,
urgp: line.match(/URGP=(\d+)/)?.[1] || null, len: line.match(/LEN=(\d+)/)?.[1] || null,
mac: line.match(/MAC=([\w:]+)/)?.[1] || null, urgp: line.match(/URGP=(\d+)/)?.[1] || null,
window: line.match(/WINDOW=(\d+)/)?.[1] || null, mac: line.match(/MAC=([\w:]+)/)?.[1] || null,
syn: !!line.includes('SYN'), window: line.match(/WINDOW=(\d+)/)?.[1] || null,
syn: !!line.includes('SYN'),
}; };
const { srcIp, proto, dpt } = logData; const { srcIp, proto, dpt } = logData;