Select Git revision
-
David Sehnal authoredDavid Sehnal authored
IPblacklist.pm 1.20 KiB
package IPblacklist;
use strict;
use warnings;
use Data::Dumper;
my %CONSTANTS = (
outputfile => "tmp/blacklist.csv",
threshold => 200,
excludedip => [],
eventtype => [],
maxage => "1D",
);
my %FORMAT = ( maxage => qr/\d+[hdmHDM]/, );
sub run {
my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;
my $v = Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);
my $eventtype_query = DB::joinIN("type", \@{$v->{'eventtype'}});
my $excluded_query = DB::joinNotIN("source", \@{$v->{'excludedip'}});
my $condition = substr($excluded_query . $eventtype_query, 0, -5);
my @columns= ("source");
my @params = ($condition, DB::getOldDataDB($db_engine, "NEWER", $v->{'maxage'}));
my $query = DB::getQueryCondThreshold($db_engine, "events", \@columns, \@params, $v->{'threshold'});
my @rows = Utils::fetchall_array_hashref($dbh, $query);
sub record { my $r = shift; return "$r->{'source'},\n"; };
my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, undef, \&record, undef, $v);
return $ret;
}
1;