#!/usr/bin/perl -w

# 20041210  mroth@solutix.ch && ryter@solutix.ch 
# File:     scrutinizer 
# Version:  1.0 
# Group:    security
# Legal:    GPL 
# Usage:   	./scrutinizer [logfile] 
#           zcat [gzipped logfile] | ./scrutinizer -
#           tail -f /var/log/apache2/access_log | ./scrutinizer -
# Purpose:	analyze apache access logfiles
#			and take defensive measures against
#			clients that violate the trained thresholds
# EdHist:
# 20041210  1.0 first public release 


use SM::Init;
use SM::Loop;
use SM::PP;
use SM::Statistic;
use SM::Conf;
use SM::HashTable;
use SM::Plot;
use Time::HiRes qw(gettimeofday);
require SM::RRD if ($SM::Conf::DO_RRD_STAT);

use strict;
use warnings;

# Obtain the log source.  SM::Init::parse_cmd_args() returns the
# filehandle for the logfile named on the command line (the usage header
# shows '-' for reading a piped log on stdin).  The handle is aliased
# into the global glob FH, which the processing loop below reads from.
*FH = SM::Init::parse_cmd_args(@ARGV);

# Fail early if a required external tool is missing, then record our
# pid and install the signal handlers before any long-running work.
SM::Init::check_ext_apps();
SM::Tools::write_pid_file();
SM::Init::register_sig_handler();

# Prepare in-memory state: the hashtable holding all IP entries, the
# weight array used by the "swa" (presumably a sliding-window average;
# not verified here), and the alert log handles.
SM::Init::init_struct();
SM::Init::init_sum();
SM::Init::open_alert_logs();

# Main pass over the logfile.
# NOTE(review): nothing here catches a die() from the loop, so on an
# abnormal exit the pid file written above is only cleaned up if the
# registered signal handlers take care of it.
SM::Loop::run(*FH);

# Post-processing, each step gated by its own SM::Conf switch:
# dump the in-memory data structure at debug level > 1, write the
# gnuplot statistics files and render the graphs (fitting them when in
# training mode) when statistics are enabled, and report where the
# processor time went when benchmarking.
if ($SM::Conf::DEBUG > 1) {
    SM::Statistic::data_struct();
}
if ($SM::Conf::DO_STATISTICS) {
    SM::Statistic::write_stat();
}
if ($SM::Conf::DO_STATISTICS) {
    SM::Plot::run();
}
if ($SM::Conf::BENCHMARK) {
    SM::Tools::benchmark_results();
}

# Normal shutdown: drop the pid file written at startup.
SM::Tools::remove_pid_file();
