#!/usr/local/bin/bash
#
# incident parser
#
# Zoidial, Inc. 
# Eric Thern
#
# January, 2001 - original
# January 23, 2003 - updated 
#
# a quasi-frontend for incident.pl
# this takes the input file, runs incident.pl on it,
# takes the ip stored in 'ignoreip' and takes the logs 
# out of the initial input file and resaves it.
#
# made so that you can run incident.pl on the same file 
# and get NO duplicates!
# usage: reporter.sh input-log-file
#

until test
do
echo ""
echo "last ignored IP: $ignore"
echo "Running incident.pl"
echo ""
./incident.pl -A -d -H $1


echo ""
echo "y) Clean up and run again!"
echo "n) Exit."
echo ""
read test
case $test in
y)
ignore=`cat ignoreip`
sed -e "/$ignore/d" $1 > $1.rplzz
cat $1.rplzz > $1 && rm $1.rplzz
echo ""
echo "all clean! ready to run again."
echo ""
;;
n)
exit 0
;;

esac
done