How IASON feels the host it is living on.
 

proc2pl reads the /proc filesystem to find out whatever it can about the local host. 

proc2pl 

will put a big mess on the screen, but we can identify repeating records that can be interpreted by a Prolog system.

host_type("echnaton","(none)","Linux echnaton 2.2.19 #15"). 

We are running on a host called "echnaton" that is driven by Linux 2.2.19.
If we run proc2pl again next week, we can see when updates changed the Linux version.
When we run proc2pl on a different host, it will show us.
IASON knows which host it is running on, and it knows when the OS gets updated.

host_name("IP192168048001","sid.lomiheim").
host_alias("sid","sid.lomiheim").

IASON knows about IP addresses, hostnames and aliases. It could build the /etc/hosts file from its knowledge.

route_static("IP000000000000","IP192168048001","IP000000000000","echnaton","eth0").  

This is a route entry showing the default route, the gateway, and the interface. This route is valid for host echnaton. We could compare it with routes from other hosts and build a routing network from it.

route_cache("IP084167241137","IP192168048001","IP192168048228","echnaton","eth0").  

This is a learned route to a single host, via the gateway, with echnaton's IP and again interface eth0.

ether_addr("MAC00E07D97DD25","IP192168048226","echnaton","eth0").  

IASON knows about MAC addresses and can find new hosts or intruders. If it was not such a mess. If it was more readable. If it made more sense. sort can sort it out. pl2txt can make it readable. 

proc2pl | sort | pl2txt

ether_addr("00:0B:82:02:04:32","192.168.48.1","echnaton","eth0").
ether_addr("00:E0:7D:97:DD:25","192.168.48.226","echnaton","eth0").
ether_addr("zz:zz:zz:zz:zz:zz","zzz.zzz.zzz.zzz","echnaton","zzzz").
host_alias("lumbamba","lumbamba.lomiheim").
host_alias("sid","sid.lomiheim").
host_alias("zzzzzzzz","zzzzzzzz").
host_name("0.0.0.0","default").
host_name("44.128.28.0","styx").
host_name("127.0.0.0","loopback").
host_name("192.168.20.0","n").
host_name("192.168.48.0","lomiheim").
host_name("192.168.48.1","sid.lomiheim").
host_name("192.168.48.226","lumbamba.lomiheim").
host_name("192.168.208.0","niflheim").
host_name("zzz.zzz.zzz.zzz","zzzzzzzz").
host_type("echnaton","(none)","Linux echnaton 2.2.19 #15").
route_cache("61.152.158.123","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.96.132","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.100.249","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.101.56","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.108.25","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.127.208","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.154.9","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.189.116","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.213.187","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.242.44","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.245.114","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("192.168.48.226","192.168.48.226","192.168.48.228","echnaton","eth0").
route_cache("192.168.48.228","192.168.48.228","61.152.158.123","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.69.73","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.96.132","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.100.249","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.101.56","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.108.25","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.127.208","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.154.9","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.189.116","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.213.187","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.245.114","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","84.167.255.2","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","192.168.48.226","echnaton","lo").
route_cache("192.168.48.228","192.168.48.228","213.5.31.155","echnaton","lo").
route_cache("213.5.31.155","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("zzzzzzzz","zzzzzzzz","255.255.255.255","echnaton","zzzz").
route_static("0.0.0.0","192.168.48.1","0.0.0.0","echnaton","eth0").
route_static("44.128.28.0","0.0.0.0","255.255.255.0","echnaton","eth0").
route_static("127.0.0.0","0.0.0.0","255.0.0.0","echnaton","lo").
route_static("192.168.20.0","0.0.0.0","255.255.255.0","echnaton","eth0").
route_static("192.168.48.0","0.0.0.0","255.255.255.0","echnaton","eth0").
route_static("192.168.208.0","0.0.0.0","255.255.255.0","echnaton","eth0").
route_static("zzzzzzzz","zzzzzzzz","255.255.255.255","echnaton","zzzz").

Looks much better now. The "zzz" records act as table delimiters to make work easier for a Prolog system. Noticed that IP addresses are sorted in correct order? Ever wondered why /etc/hosts is never sorted in order? Without Prolog we can use grep.

proc2pl | grep IP192168048001 | pl2txt

host_name("192.168.48.1","sid.lomiheim").
route_static("0.0.0.0","192.168.48.1","0.0.0.0","echnaton","eth0").
route_cache("84.167.120.80","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.69.73","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.182.185","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.127.208","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.254.113","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.59.187","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.102.164","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("61.152.158.123","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.96.132","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.108.25","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.221.139","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("213.5.31.155","192.168.48.1","192.168.48.228","echnaton","eth0").
route_cache("84.167.245.114","192.168.48.1","192.168.48.228","echnaton","eth0").
ether_addr("00:0B:82:02:04:32","192.168.48.1","echnaton","eth0").

IASON has found my local router, its IP and all the hosts it currently routes. And of course it knows its MAC address.

proc2pl | grep IP192168048226 | pl2txt

route_cache("192.168.48.226","192.168.48.226","192.168.48.228","echnaton","eth0").
route_cache("192.168.48.228","192.168.48.228","192.168.48.226","echnaton","lo").
host_name("192.168.48.226","lumbamba.lomiheim").
ether_addr("00:E0:7D:97:DD:25","192.168.48.226","echnaton","eth0").

Now it has found out all about my workstation. Coding IP addresses like IP192168048226 makes life easier for grep and Prolog. The same goes for MAC addresses like MAC00E07D97DD25. After piping them through pl2txt they will be readable for your eyes, like "192.168.48.226" and "00:E0:7D:97:DD:25". Did you ever try to find an IP address in a logfile?
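
As an added example (not part of IASON or the original page), the following shell script compares the encoded ether_addr records of two runs to report new hosts and known IPs that answer from a different MAC, then decodes the findings for reading. The two snapshots are constructed samples in the raw record format shown above; ether_diff and decode_tokens are hypothetical helpers, the latter standing in for pl2txt.

```shell
#!/bin/sh
# Added example, not IASON code. Snapshots are constructed samples in the raw
# proc2pl record format; decode_tokens is a hypothetical stand-in for pl2txt.

BASELINE='ether_addr("MAC000B82020432","IP192168048001","echnaton","eth0").
ether_addr("MAC00E07D97DD25","IP192168048226","echnaton","eth0").'

TODAY='ether_addr("MAC00E07D97DD25","IP192168048226","echnaton","eth0").
ether_addr("MAC02AABBCCDD01","IP192168048001","echnaton","eth0").
ether_addr("MAC02AABBCCDD02","IP192168048010","echnaton","eth0").'

# Compare two snapshots ($1 = baseline, $2 = today) on their ether_addr facts.
#   NEW     = an IP that had no MAC in the baseline (new host on the segment)
#   CHANGED = a known IP that now answers from a different MAC
# Tokens stay encoded here: fixed-width keys compare exactly and sort in
# numeric order, so IP192168048001 is never confused with IP192168048010.
ether_diff() {
  { printf '%s\n' "$1" | sed 's/^/B /'; printf '%s\n' "$2" | sed 's/^/T /'; } |
  awk -F'"' '
    $1 == "B ether_addr(" { base[$4] = $2; next }
    $1 == "T ether_addr(" && !($4 in base)  { print "NEW " $4 " " $2; next }
    $1 == "T ether_addr(" && base[$4] != $2 { print "CHANGED " $4 " " base[$4] " -> " $2 }
  ' | sort
}

# Rewrite IPaaabbbcccddd as a dotted quad and MACxxxxxxxxxxxx as colon pairs.
decode_tokens() {
  h='\([0-9A-F][0-9A-F]\)'
  awk '{
    while (match($0, /IP[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]/)) {
      t = substr($0, RSTART + 2, 12)
      a = substr(t, 1, 3) + 0; b = substr(t, 4, 3) + 0
      c = substr(t, 7, 3) + 0; d = substr(t, 10, 3) + 0
      $0 = substr($0, 1, RSTART - 1) a "." b "." c "." d substr($0, RSTART + RLENGTH)
    }
    print
  }' | sed "s/MAC$h$h$h$h$h$h/\1:\2:\3:\4:\5:\6/g"
}

# Findings in readable form.
ether_diff "$BASELINE" "$TODAY" | decode_tokens
```

With real data, the two arguments would be saved outputs of proc2pl from different days.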

Last updated October 23, 2008.