用R语言统计用户登录信息

#设置统计时间段 格式： yyyy-mm-dd-hh-mm-ss
#如： 2013-09-10-00-00-00                  
start.time = "2013-09-01-00-00-00"
stop.time = "2013-10-13-00-00-00"

#伪装用户名
fake = T

library(lattice)
file = "login.log"
lines = readLines(con=file)
data = NULL
in.time = NULL
ch2d = function(x=NULL)
{
  if(x=="Jan") return(1)
  if(x=="Feb") return(2)
  if(x=="Mar") return(3)
  if(x=="Apr") return(4)
  if(x=="May") return(5)
  if(x=="Jun") return(6)
  if(x=="Jul") return(7)
  if(x=="Aug") return(8)
  if(x=="Sep") return(9)
  if(x=="Oct") return(10)
  if(x=="Nov") return(11)
  if(x=="Dec") return(12)
}


for( i in lines)
{
  if( grepl(pattern="still",x=i)
      | grepl(pattern="reboot",x=i)
      | grepl(pattern="tty",x=i)
      | grepl(pattern="wtmp",x=i)
      | grepl(pattern="crash",x=i)
      | grepl(pattern="down",x=i)
      | i=="")
    next
  tmp = unlist(strsplit(x=i,split=" "))
  tmp = tmp[tmp!=""]
  tmp[10] = gsub(pattern="\\(",replacement="",x=tmp[10])
  tmp[10] = gsub(pattern="\\)",replacement="",x=tmp[10])
  tmp = c(tmp,unlist(strsplit(x=tmp[7],split=":")),unlist(strsplit(x=tmp[9],split=":")))
  if(length(unlist(strsplit(x=tmp[10],split="\\+")))==2)
  { http://cda.pinggu.org/view/4496.html
    day = unlist(strsplit(x=tmp[10],split="\\+"))[1]
    tmp[10] = unlist(strsplit(x=tmp[10],split="\\+"))[2]
  } else day = 0
  hour = unlist(strsplit(x=tmp[10],split=":"))[1]
  min = unlist(strsplit(x=tmp[10],split=":"))[2]
  time = as.numeric(day) * 24 * 60 + as.numeric(hour) * 60 + as.numeric(min)
  in.time = c(in.time,time)
  rm(time)
  data = rbind(data,tmp)
}
login.time = ISOdatetime(year=2013,month=lapply(X=data[,5],FUN=ch2d),day=data[,6],hour=data[,11],min=data[,12],sec=0)
rownames(data) = 1:nrow(data)
data = data.frame(data[,c(1,3:6,11,12)],in.time)
colnames(data) = c("user","IP","week","month","day","hour","min","time")

# 筛选统计时间段
start.time = as.numeric(unlist(strsplit(x=start.time,split="-")))
stop.time = as.numeric(unlist(strsplit(x=stop.time,split="-")))

start.time = ISOdatetime(year=start.time[1],month=start.time[2],
                         day=start.time[3],hour=start.time[4],
                         min=start.time[5],sec=start.time[6])
stop.time = ISOdatetime(year=stop.time[1],month=stop.time[2],
                         day=stop.time[3],hour=stop.time[4],
                         min=stop.time[5],sec=stop.time[6])
data = data[login.time>=start.time&login.time<=stop.time,]
print(paste(nrow(data),"records after filter."),quote=F)

#伪装用户名
if( fake == T )
{
#  fake.name = matrix(sample(100:120,length(levels(data$user))*9,replace=T),ncol=9)

#  fake.name = apply(fake.name,1,function(x)paste(intToChar(x),collapse=""))    
  fake.name = rep("",length=nrow(data))
  for( i in unique(data$user))
  {
    fake.name[data$user==i] = paste(intToChar(sample(100:120,9)),collapse="")
  }
  data = cbind(data,fake.name)
  data = data[,c(9,2:8)]
}
colnames(data) = c("user","IP","week","month","day","hour","min","time")

#统计每个用户登录时间数
time.per.user = data.frame(user=character(),time=numeric())
for( i in unique(data$user))
{
  time.per.user = rbind(time.per.user,data.frame(user=i,time=sum(in.time[data$user==i])))
}
time.per.user = time.per.user[order(time.per.user$time),]
tp1 = barchart(time~user,time.per.user,scale=list(x=list(rot=90)),ylab="Time(minutes)")

#统计局域网外的ip登录数
IP.info = data$IP
IP.info = IP.info[!grepl(pattern="^10",x=IP.info)]
IP.info = IP.info[!grepl(pattern="^192",x=IP.info)]
IP.info = IP.info[!grepl(pattern="cu",x=IP.info)]
IP.info = IP.info[!grepl(pattern="io",x=IP.info)]
IP.info = IP.info[!grepl(pattern=":",x=IP.info)]
print(paste(" IP counts :",length(unique(IP.info))),quote=F)

#统计不同用户使用不同ip登录次数
tp2 = histogram(IP~user,data,scales=list(x=list(rot=90)))

plot(tp1,split=c(1,1,1,2))
plot(tp2,split=c(1,2,1,2),new=F)