#!/usr/bin/python3

import os, time, gzip
from subprocess import Popen, PIPE

PREFIX = "/var/log/conntrack"
INTERVAL = 3600 # seconds

def MB(value):
    return "%4.2f MB" % (value/1048576)

def process_data(ct):
    last_hour = ""
    log = None
    try:
      while True:
        row = ct.stdout.readline()
        if row==b"" or row==b"\n":
          print("Empty row, exiting ...")
          break
        ts, row = row.split(b"\t", 1)
        ts = float(ts.strip(b"[]"))
        t = time.strftime("%H:%M:%S", time.gmtime(ts))
        hour = time.strftime("%Y-%m-%d_%Hh",
                             time.gmtime(ts//INTERVAL*INTERVAL))
        if last_hour!=hour:
          if log:
            print("%s: %s uncompressed, %s compressed"
                  % (logfn, MB(log.tell()), MB(log.fileobj.tell())))
            log.close()
          logfn = os.path.join(PREFIX, hour+".ct.log.gz")
          print(logfn, "opened")
          log = gzip.open(logfn, "wb")
          last_hour = hour
        log.write(t.encode()+b" "+row)
        #print(t, hour, row.strip().decode())
    except KeyboardInterrupt:
      if log:
        log.close()

if __name__ == "__main__":
  ct = Popen(
    "conntrack -E -o timestamp -e NEW,DESTROY -b 10485760".split(),
    stdout=PIPE
  )
  process_data(ct)
