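#!/usr/bin/perl
#
# Author: Tate Hansen (tate@clearnetsec.com)
# Subject: Script to parse nessusd.messages file and display
#          which vulnerability tests consumed most time by IP
#
# Usage: nessus-plugin-times.pl <number-of-checks-to-display> [path/to/nessusd.messages]
#
# The log is only ever matched against fixed regular expressions; nothing
# read from it is eval'd, interpolated into a pattern, or handed to a shell.
#
# pragmas
use strict;
use warnings;
use constant DEBUG => 0;

# CHANGE THE PATH BELOW TO WHEREVER YOUR nessusd.messages FILE RESIDES
# (or pass the path as the optional second command-line argument).
my $NESSUSDMESSAGESFILE = "/opt/nessus/var/nessus/logs/nessusd.messages";

my $dataHashRef;
my $numberCompletedRef;
my $numberToDisplay;    # set from the command line in the main block below

###################################################
# parseLog([$file])
#
# Reads a nessusd.messages log and collects, keyed by the scanner (parent)
# pid found in the leading "[pid]" field of each line:
#   hostip          - target IP from the "launching ... against <ip>" line
#   childPids       - list of plugin (child) pids launched for that host
#   <childPid>      - seconds the plugin ran, from its "finished its job" line
#                     (NOTE: a plugin that never logs "finished" keeps the
#                     launch counter, i.e. 1, as its value)
#   completedChecks - number of "finished its job" lines seen
#   hostScanTime    - seconds from the "Finished testing <ip>. Time : N" line
# Each child pid is also a top-level key mapping to { script => <plugin> }.
#
# $file defaults to $NESSUSDMESSAGESFILE. Dies if the file cannot be opened.
# Returns (\%data, \$numberCompleted); $numberCompleted is the total number
# of finished plugin runs over all hosts.
sub parseLog {
    my ($file) = @_;
    $file = $NESSUSDMESSAGESFILE unless defined $file;

    my %data;
    my $numberCompleted = 0;

    # three-arg open with a lexical handle (no mode injection via the path);
    # $! carries the OS error, $? does not
    open (my $fh, '<', $file) or die "Error: open failed $file: $! \n";

    while (defined(my $line = <$fh>)) {
        if ( $line =~ /\[(\d+)\] \w+ \w+ \: launching (\w+\.\w+) \w+ (\d+\.\d+\.\d+\.\d+) \[(\d+)/ ) {
            # store the parent pid, this pid, script name, and target host IP
            my ($parentPid, $script, $hostIp, $childPid) = ($1, $2, $3, $4);
            $data{$childPid}{'script'} = $script;
            $data{$parentPid}{'hostip'} = $hostIp;
            $data{$parentPid}{$childPid}++;
            push @{$data{$parentPid}{'childPids'}}, $childPid;
        } # end if

        if ( $line =~ /\[(\d+)\] \w+\.\w+ \(process (\d+)\) finished its job in (\d+\.\d+)/ ) {
            # store the number of seconds it took pid to finish
            my ($parentPid, $childPid, $seconds) = ($1, $2, $3);
            $data{$parentPid}{$childPid} = $seconds;
            $data{$parentPid}{'completedChecks'}++;
            $numberCompleted++;
        } # end if

        if ( $line =~ /\[(\d+)\] Finished testing \d+\.\d+\.\d+\.\d+\. Time \: (\d+\.\d+)/ ) {
            # store the number of seconds it took to finish scan of target
            $data{$1}{'hostScanTime'} = $2;
        } # end if
    } # end while

    close ($fh);
    return (\%data, \$numberCompleted);
} # end sub parseLog

###################################################
# printResults($dataHashRef [, $limit])
#
# Prints, for every parent pid that has a target host: the host IP, the
# number of completed checks, the host scan time (seconds and h:m:s), and
# the $limit slowest plugins with their share of the host scan time.
# $limit defaults to the command-line value in $numberToDisplay.
# Plugin lines are printed only when the host has a recorded scan time.
sub printResults {
    my ($dataHashRef, $limit) = @_;
    $limit = $numberToDisplay unless defined $limit;

    # only parent pids carry 'hostip'; sort them so report order is stable
    my @parentPids = sort { $a <=> $b }
                     grep { exists $$dataHashRef{$_}{'hostip'} } keys %$dataHashRef;

    foreach my $pid ( @parentPids ) {
        my $host = $$dataHashRef{$pid};

        print "===========================================================\n";
        if ( DEBUG ) {
            print "Parent pid = $pid\n";
        } # end if
        print "$host->{'hostip'}:" if defined $host->{'hostip'};
        print " completed checks = $host->{'completedChecks'}: " if defined $host->{'completedChecks'};

        my $scanTime = $host->{'hostScanTime'};
        if ( defined $scanTime ) {
            # integer h:m:s breakdown; '%' truncates the fractional seconds
            my $hours = ($scanTime/(60*60)%24);
            my $mins  = ($scanTime/60)%60;
            my $secs  = $scanTime%60;
            print "Time to complete host scan = $scanTime \($hours:$mins:$secs\)\n";
        }

        # seconds (or launch count, see parseLog) per child pid, slowest first
        my %timeOf;
        foreach my $childPid ( @{ $host->{'childPids'} || [] } ) {
            $timeOf{$childPid} = $host->{$childPid};
        } # end foreach
        my @ordered = sort { $timeOf{$b} <=> $timeOf{$a} } keys %timeOf;

        my $shown = 0;
        foreach my $childPid ( @ordered ) {
            # stop once $limit entries are out (the original '>' printed
            # $limit + 1 entries before saying it only showed $limit)
            if ( $shown >= $limit ) {
                print "not showing remaining list... (only showing $limit)\n";
                last;
            }
            $shown++;
            next unless defined $scanTime;

            my $percentage = 0;
            if ( $scanTime > 0 ) {
                $percentage = sprintf("%.3f",($timeOf{$childPid}/$scanTime)*100);
            } # end if
            print "$timeOf{$childPid} (\%$percentage) $$dataHashRef{$childPid}{'script'}\n";
        } # end foreach
        print "\n";
        print "===========================================================\n";
    } # end foreach
} # end sub printResults

###################################################
# main: runs only when executed directly, not when loaded by another program
unless ( caller ) {
    $numberToDisplay = shift @ARGV;
    # the count is used in a numeric comparison; reject anything but an integer
    if ( !defined $numberToDisplay || $numberToDisplay !~ /\A\d+\z/ ) {
        die "Usage: $0 <number-of-checks-to-display> [path/to/nessusd.messages]\n";
    }
    my $logFile = shift @ARGV;    # optional; falls back to the hard-coded path
    ($dataHashRef,$numberCompletedRef) = parseLog($logFile);
    printResults($dataHashRef);
}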