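#!/bin/bash
# nothink.org
#
# Summarise an INetSim service.log: connection count, top source IPs, SMTP
# sender/recipient addresses (unique lists written to two files in the
# current directory), HTTP method counts, top requested URLs and top
# User-Agent strings.
#
# Usage: parser.sh [LOG_FILE] [LIMIT]
#   LOG_FILE  INetSim service log to read (default: /var/log/inetsim/service.log)
#   LIMIT     number of rows shown in each "TOP ..." list (default: 10)
# Both arguments are optional, so running with no arguments behaves as before.
#
# Every value extracted here (IPs, addresses, URLs, User-Agent strings) was
# sent by whatever connected to the sandbox, i.e. it is attacker-controlled
# text and is printed verbatim; view the report through `less` or `cat -v`
# if raw terminal escape sequences in the log are a concern.

# -e is deliberately NOT set: grep exits 1 on "no match", which is a normal
# outcome for every pipeline below and must not abort the report.
set -u

LOG_FILE=${1:-'/var/log/inetsim/service.log'}
LIMIT=${2:-10}
readonly LOG_FILE LIMIT
readonly LOG_MAIL_FROM='mail_from.log'
readonly LOG_RCPT_TO='rcpt_to.log'
readonly HTTP_METHOD=( GET POST CONNECT HEAD )
# Loose e-mail address pattern shared by the MAIL FROM and RCPT TO extraction.
readonly EMAIL_RE='\b[a-zA-Z0-9.-]+@[a-zA-Z0-9.-]+\.[a-zA-Z0-9.-]+\b'

# Byte-wise sort/uniq: locale-independent ordering keeps the report
# reproducible across machines.
export LC_ALL=C

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the number of log lines containing a fixed string.
# Globals:   LOG_FILE (read)
# Arguments: $1 - literal substring to look for
# Outputs:   the count, to stdout
#######################################
count_lines() {
  grep -c -F -- "$1" "$LOG_FILE"
}

#######################################
# Frequency table of the lines on stdin, most common first.
# Globals:   LIMIT (read)
# Outputs:   at most LIMIT rows of "<count> <value>", to stdout
#######################################
top_n() {
  sort | uniq -c | sort -nr | head -n "$LIMIT"
}

main() {
  [[ -r "$LOG_FILE" ]] || die "cannot read log file: $LOG_FILE"
  [[ "$LIMIT" =~ ^[0-9]+$ ]] || die "LIMIT must be a non-negative integer, got: $LIMIT"

  printf 'INETSIM SMTP PARSER\n'
  printf '%s\n\n' '-------------------'
  printf 'LOG FILE : %s\n' "$LOG_FILE"

  printf 'CONNECTIONS : '
  count_lines '] connect'

  printf 'TOP SOURCE IP : \n\n'
  grep -F -- '] connect' "$LOG_FILE" \
    | grep -o -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
    | top_n
  printf '\n'

  printf 'EMAIL (%s, %s) : ' "$LOG_MAIL_FROM" "$LOG_RCPT_TO"
  count_lines 'info: Message id: '
  printf '\n'
  # Unique sender / recipient addresses are written to files in the
  # current working directory (relative names, as before).
  grep -F -- 'MAIL FROM:' "$LOG_FILE" | grep -o -E -- "$EMAIL_RE" | sort -u > "$LOG_MAIL_FROM"
  grep -F -- 'RCPT TO:' "$LOG_FILE" | grep -o -E -- "$EMAIL_RE" | sort -u > "$LOG_RCPT_TO"

  printf 'HTTP METHOD : \n\n'
  local method
  for method in "${HTTP_METHOD[@]}"; do
    printf '\t%s : ' "$method"
    count_lines " recv: $method"
  done
  printf '\n'

  printf 'TOP URL REQUEST : \n\n'
  # -I skips binary-looking files; -h drops the filename prefix; -o prints
  # only the matched URL.
  grep -iIohE -- 'https?://[^[:space:]]+' "$LOG_FILE" | top_n
  printf '\n'

  printf 'TOP USER-AGENT : \n\n'
  # cut drops the first five ':'-separated fields; assumes those make up the
  # log prefix up to and including the "User-Agent" label — confirm against
  # your INetSim log format if the values look truncated.
  grep -F -- ' recv: User-Agent' "$LOG_FILE" | cut -f 6- -d ':' | top_n
  printf '\n'
}

main "$@"
exit 0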