-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathgeolocation.vbs
204 lines (170 loc) · 5.68 KB
/
geolocation.vbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
' Geolocation of IP Address ( IP to Country) in IIS Logs
d=Now
limit=d-5
Dim fso
Set fso = CreateObject("Scripting.Filesystemobject")
Dim dic
Set dic = CreateObject("Scripting.Dictionary")
Set ip = CreateObject("Vbsedit.iptocountry")
If Not(fso.FileExists("iptocountry.bin")) Then
If fso.FileExists("iptocountry.csv") Then
ip.CreateDatabaseFromCsv "iptocountry.csv","iptocountry.bin"
Else
WScript.Quit
End If
Else
If fso.FileExists("iptocountry.csv") Then
If fso.GetFile("iptocountry.csv").DateLastModified > _
fso.GetFile("iptocountry.bin").DateLastModified Then
ip.CreateDatabaseFromCsv "iptocountry.csv","iptocountry.bin"
End If
End If
End If
'if you need to convert a lot of IP addresses
ip.LoadDatabaseIntoMemory "iptocountry.bin"
Dim theDate,theTime,serviceName,serverName,serverIP
Dim method,uriStem,uriQuery,serverPort,username,clientIp,protocolVersion
Dim userAgent,cookie,referrer,host,protocolStatus
Dim subStatus,win32Status,bytesSentByServer,bytesReceived,timeTaken
Do While d>limit
file = "C:\LogFiles\W3SVC4\u_ex" & mydatepart("yyyy",d) & mydatepart("m",d) & myDatepart("d",d) & ".log"
If Not(fso.FileExists(file)) then
Exit Do
End if
Dim ff
Set ff = fso.OpenTextFile(file,1)
Do while not(ff.AtEndofstream)
Dim str
str = ff.ReadLine
filterok=False
If left(str,9)="#Fields: " Then
ParseFieldNames split(Mid(str,10)," ")
ElseIf Left(str,1)<>"#" Then
filterok=True
ParseFields split(str," ")
End If
If filterok Then
code = ip.IpToCountry(clientIp)
country = ip.CountryCodeToCountryName(code)
WScript.Echo country
WScript.Echo theDate,theTime,serviceName,serverName,serverIP
WScript.Echo method,uriStem,uriQuery,serverPort,username,clientIp,protocolVersion
WScript.Echo userAgent,cookie,referrer,host,protocolStatus
WScript.Echo subStatus,win32Status,bytesSentByServer,bytesReceived,timeTaken
End If
Loop
d=d-1
Loop
Sub ParseFields(arr)
theDate=""
If dic.Exists("date") Then
theDate= arr(dic.Item("date"))
End If
theTime=""
If dic.Exists("time") Then
theTime= arr(dic.Item("time"))
End If
serviceName=""
If dic.Exists("s-sitename") Then
serviceName= arr(dic.Item("s-sitename"))
End If
serverName=""
If dic.Exists("s-computername") Then
serverName= arr(dic.Item("s-computername"))
End If
serverIP=""
If dic.Exists("s-ip") Then
serverIP= arr(dic.Item("s-ip"))
End If
method=""
If dic.Exists("cs-method") Then
method= arr(dic.Item("cs-method"))
End If
uriStem=""
If dic.Exists("cs-uri-stem") Then
uriStem= arr(dic.Item("cs-uri-stem"))
End If
uriQuery=""
If dic.Exists("cs-uri-query") Then
uriQuery= arr(dic.Item("cs-uri-query"))
End If
serverPort=""
If dic.Exists("s-port") Then
serverPort= arr(dic.Item("s-port"))
End If
username=""
If dic.Exists("cs-username") Then
username= arr(dic.Item("cs-username"))
End If
clientIp=""
If dic.Exists("c-ip") Then
clientIp= arr(dic.Item("c-ip"))
End If
protocolVersion=""
If dic.Exists("cs-version") Then
protocolVersion= arr(dic.Item("cs-version"))
End If
userAgent=""
If dic.Exists("cs(User-Agent)") Then
userAgent= arr(dic.Item("cs(User-Agent)"))
End If
cookie=""
If dic.Exists("cs(Cookie)") Then
cookie= arr(dic.Item("cs(Cookie)"))
End If
referrer=""
If dic.Exists("cs(Referrer)") Then
referrer= arr(dic.Item("cs(Referrer)"))
End If
host=""
If dic.Exists("cs-host") Then
host= arr(dic.Item("cs-host"))
End If
protocolStatus=""
If dic.Exists("sc-status") Then
protocolStatus= arr(dic.Item("sc-status"))
End If
subStatus=""
If dic.Exists("sc-substatus") Then
subStatus= arr(dic.Item("sc-substatus"))
End If
win32Status=""
If dic.Exists("sc-win32-status") Then
win32Status= arr(dic.Item("sc-win32-status"))
End If
bytesSentByServer=0
If dic.Exists("sc-bytes") Then
bytesSentByServer= arr(dic.Item("sc-bytes"))
End If
bytesReceived=0
If dic.Exists("cs-bytes") Then
bytesReceived= arr(dic.Item("cs-bytes"))
End If
timeTaken=0
If dic.Exists("time-taken") Then
timeTaken= arr(dic.Item("time-taken"))
End If
End Sub
Sub ParseFieldNames(arr)
dic.RemoveAll
For i=0 to UBound(arr)
dic.Add arr(i),i
Next
End Sub
Function Mydatepart(attr,d)
Dim v
v = CStr(DatePart(attr,d))
if Len(v)=1 then
v = "0" & v
elseif len(v)>2 then
v = Right(v,2)
end if
Mydatepart=v
End Function