Re: Split a line with Multiple data types

[Roger C Haslock]

>> Obviously, split(/  /, $line) doesn't produce the array I really want.

I don't understand the word 'obviously': what results are you getting?

Have you tried the safer 

split /\s+/, $line; # split on any sequence of whitespace

- Roger -


----- Original Message ----- 
From: "Matt Richter" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 13, 2001 2:41 PM
Subject: Split a line with Multiple data types


> I'm trying to split a line from a PIX Firewall log file and put it into
> an array.
> The log entries look like:
>  
> Nov 13 07:28:55 10.0.0.3 %PIX-4-400025: IDS:2154 ICMP ping of death from
> 123.123.123.123 to 124.124.124.124 on interface outside 
> 
> Here is the code i've tried:
> .............................................................
> while ($line = <LOG>) {
>        if ($line =~ /PIX-4-4000/) {                      # Match PIX
> Message ID Type
>          @fields = split(/ /, $line);                         # Populate
> @fields with data
>          $month{$fields[0]}++;                            #
>          $day{$fields[0]." ".$fields[1]}++;            # Cat Month and
> Day
>          $fields[2] =~ /(\d{2}):/;                           # Parse
> Hour from Time
>          $ltime{$fields[0]." ".$fields[1]." ".$1}++; # Cat Date and Time
> $host{$fields[3]}++;
>          $pixcode{$fields[4]}++;
>          ............etc 
> .......................................................................
> Obviously, split(/  /, $line) doesn't produce the array I really want.
>  
> Here is the format of the log entries to parse.
>  
> Month Day Time Host PIXcode IDSCode Protocol Description SourceHost To
> DestinationHost On Interface InterfaceName
>  
> Here are the string details:
> Month : Always Three Letters
> Day : May be One or Two Digits. If one Digit, it is preceded by and
> extra space. i.e. " 9"  or "10"
> Time: Always the same format
> Host : Sometimes IP number, Sometimes Hostname
> PIXCode : Always %PIX-4-4000xx:
> IDSCode : Always IDS:xxxx
> Protocol : If exists, followed by space, Sometimes not there at all
> Description : Various string lengths (2 To 6 words)
> SourceHost : Always an IP Number
> To : Always exists
> DestinationHost : Always an IP Number
> On Interface : Always exists
> InterfaceName : Always One Word
>  
>  
> Thanks!
>  
> Matt Richter
> 


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]