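# Extract the names recorded in a wrapped "show logging" capture (HTTP URL
# hosts, TLS Client/Server Hello ServerName, server certificate CommonName and
# DNS rname lookups) and print them as comma-separated rows, one column per
# kind, in the order: URL, Client Hello, Server Hello, Server Cert, rname.
#
# Notes for whoever consumes the output:
#   * The extracted values appear to be copied by the device from observed
#     traffic, so treat them as untrusted text. Rows are built with a plain
#     join and no quoting: a value containing "," shifts the columns, and
#     spreadsheet tools may evaluate cells starting with "=", "+", "-" or "@".
#   * Columns are paired by position only. Row N holds the Nth URL next to the
#     Nth rname and so on; the "Flow:" identifier is discarded, so a row does
#     not describe one connection.
#   * All whitespace is removed from every value, so "RapidSSL CA." is printed
#     as "RapidSSLCA."; the trailing "." of each log sentence is kept.
#   * The login, logout and configuration-commit records in the capture are
#     not matched by the extractor and do not reach the output.
#
# The capture below is data: its bytes are part of the script's input.
set line {
test-443670#show logging
Logging module: enabled
Aggregation time: disabled
Console logging: level debugging
Monitor logging: disabled
Buffered logging: level debugging
Syslog logging: level debugging
Facility: local7
Log Buffer (5003 bytes):
Aug 08 15:44:02 2014: %DATAPLANE-5-: Searching rname(TYPE_A) qweplost.com in dns
_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.
com. Flow: 0x8707e380.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.
com. Flow: 0x8707e380.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) ocsp.verisign.net i
n dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:58 2014: %DATAPLANE-5-: Searching rname(TYPE_A) www-google-analytic
s.l.google.com in dns_hash_table.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Searching rname(TYPE_AAAA) www-google-analy
tics.l.google.com in dns_hash_table.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.babelgum.com. Flo
w: 0x8706ed80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized Server Cert CommonName RapidSS
L CA. Flow: 0x87073e80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized Server Cert CommonName GeoTrus
t Global CA. Flow: 0x87073e80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized Server Cert CommonName *.elite
modellook.com. Flow: 0x87073e80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized Server Cert CommonName RapidSS
L CA. Flow: 0x87073e80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.babelgum.com. Flo
w: 0x8706ed80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized Client Hello ServerName ?www.b
abelgum.com. Flow: 0x87073e80. len_analyzed: 183.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.babelgum.com. Flo
w: 0x8706ed80.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Searching rname(TYPE_A) elite-862037136.eu-
west-1.elb.amazonaws.com in dns_hash_table.
Aug 08 15:43:57 2014: %DATAPLANE-5-: Searching rname(TYPE_A) elite-862037136.eu-
west-1.elb.amazonaws.com in dns_hash_table.
Aug 08 15:43:53 2014: ap622-443670 : %SYSTEM-6-CONFIG_REVISION: Configuration re
vision updated to 36 from 35
Aug 08 15:43:53 2014: ap622-443670 : %SYSTEM-6-CONFIG_REVISION: Configuration re
vision updated to 35 from 34
Aug 08 15:43:53 2014: ap622-443670 : %SYSTEM-6-CONFIG_COMMIT: Configuration comm
it by user 'admin' (mapsh) from '127.0.0.1'
Aug 08 15:43:48 2014: ap622-443670 : %SYSTEM-5-LOGIN: Successfully logged in use
r 'admin' with privilege 'superuser' from 'pts/0'
Aug 08 15:43:48 2014: %AUTH-6-INFO: login[5597]: user 'admin' on 'pts/0' logged
in
Aug 08 15:43:42 2014: %DATAPLANE-5-: Searching rname(TYPE_A) qweplost.com in dns
_hash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:28 2014: %DATAPLANE-5-: Searching rname(TYPE_A) google.com in dns_h
ash_table.
Aug 08 15:43:11 2014: %DATAPLANE-5-: Searching rname(TYPE_A) zeplost.com in dns_
hash_table.
Aug 08 15:42:50 2014: %DATAPLANE-5-: Searching rname(TYPE_A) zeplost.com in dns_
hash_table.
Aug 08 15:42:20 2014: %DATAPLANE-5-: Searching rname(TYPE_A) replost.com in dns_
hash_table.
Aug 08 15:41:59 2014: %DATAPLANE-5-: Searching rname(TYPE_A) replost.com in dns_
hash_table.
Aug 08 15:39:46 2014: ap622-443670 : %SYSTEM-6-LOGOUT: Logged out user 'admin' w
ith privilege 'superuser' from '127.0.0.1'
}

# One list and one counter per kind of extracted value.
set URL [list]
set chs [list]
set shs [list]
set scs [list]
set rname [list]
set cURL 0
set cchs 0
set cshs 0
set cscs 0
set crname 0

# The capture is hard-wrapped, so line breaks fall in the middle of names and
# keywords. Removing every CR/LF rejoins them before matching.
regsub -all {[\r\n]} $line "" line

# Expanded-syntax pattern: a keyword naming the kind of value, then the value
# itself, consumed one character at a time until " Flow:" or
# "in dns_hash_table" comes next. Unbracketed whitespace in the pattern is
# ignored, which is why literal spaces are written as [ ].
foreach {whole type payload} [regexp -all -inline {(?x)
    \y ( URL
       | (?: Client | Server)[ ]Hello[ ]ServerName
       | Server[ ]Cert[ ]CommonName
       | rname\([^)]+\) )
    \s+ ((?:(?![ ]Flow:| in[ ]dns_hash_table).)+)
} $line] {
    switch -regexp -- $type {
        URL {lappend URL $payload; incr cURL}
        {Client Hello ServerName} {lappend chs $payload; incr cchs}
        {Server Hello ServerName} {lappend shs $payload; incr cshs}
        {Server Cert CommonName} {lappend scs $payload; incr cscs}
        {rname\([^)]+\)} {lappend rname $payload; incr crname}
    }
}

# Row count is the longest column. The sort must be numeric: a plain lsort
# compares strings, ranks "5" above "32", and the output then loses every row
# past the shorter count.
set max [lindex [lsort -integer -decreasing [list $cURL $cchs $cshs $cscs $crname]] 0]

# Build one row per index. lindex returns an empty string past the end of a
# list, so the shorter columns are padded with empty cells.
set all_list [list]
for {set i 0} {$i < $max} {incr i} {
    set row [list]
    foreach column [list $URL $chs $shs $scs $rname] {
        regsub -all {\s} [lindex $column $i] "" cell
        lappend row $cell
    }
    lappend all_list [join $row ,]
}
puts [join $all_list \n]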