#!/usr/local/bin/python
# waccess - Copyright (c) 2001, TundraWare Inc., All Rights Reserved
# $Id: waccess,v 1.1 2001/08/03 19:11:49 tundra Exp $

#
# Look for selected strings passed on the command line in the http access log.
# If found, dump the address, name, item retrieved, and access date for the
# matching record.


import commands
import getopt
import socket
import sys

##########
# Booleans
##########

FALSE = 0==1
TRUE = not FALSE

##########
# Constants
##########

ANS  = ";; ANSWER SECTION"
DIG  = "/usr/bin/dig -t ptr -x "
LOG = "/var/log/httpd-access.log"


##########
# Command Line Processing
##########

REVERSE = FALSE
SHOW    = TRUE
START   = 1

try:
    opts, args = getopt.getopt(sys.argv[1:], '-rs')
except getopt.GetoptError:
    print "usage: waccess [-rs]"
    sys.exit(2)

for opt, val in opts:
    START += 1
    if opt == "-r":
        REVERSE = TRUE
    if opt == "-s":
        SHOW = FALSE
        REVERSE = FALSE

##########
# Process the log
##########

f = open(LOG)

matched = {}
for a in args:
    matched[a] = 0

total = 0

# Read in the whole log file
for records in f.read().splitlines():

    total += 1
    # Check each command line argument for a match
    for a in args:

        if records.count(a):
            fields = records.split()

            i = 0
            revname = ""
            if REVERSE:
                try:
                    revname = socket.gethostbyaddr(fields[0])[0]
                except:
                    revname = "NO REVERSE RESOLUTION"

            if SHOW:
                print fields[3][1:], " " * (19 - len(fields[3][1:])), \
                      fields[0], " " * (15 - len(fields[0])), \
                      revname[-(35+1):], " " * (35 - len(revname)), \
                      fields[5], " " * (8 - len(fields[5])), fields[6]

            matched[a] += 1

f.close()
print "\nProcessed %d Total Records.\n" % (total,)
for a in args:
    print "Found %d Matching Records Containing: %s" % (matched[a], a)