Here is a start. I have placed the first 6 items in the array and placed the
rest in the seventh item. From here you should be able to determine if a protocol
exists or start of derscription then you should be able to generate a simple regex to
get the description plus the other data from
your processing.
Wags ;)
Script starts next line:
#!perl -w
my @MyData = ();
while ( <DATA> ) {
chomp;
@MyData = split(/\s+/, $_,7);
my $MyId = 0;
foreach ( @MyData ) {
printf "%3d: %-s\n", $MyId++, $_;
}
}
__DATA__
Nov 13 07:28:55 10.0.0.3 %PIX-4-400025: IDS:2154 ICMP ping of death from
123.123.123.123 to 124.124.124.124 on interface outside
^------------ Script ends here
Output:
0: Nov
1: 13
2: 07:28:55
3: 10.0.0.3
4: %PIX-4-400025:
5: IDS:2154
6: ICMP ping of death from 123.123.123.123 to 124.124.124.124 on interface outside
-----Original Message-----
From: Matt Richter [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 15:46
To: [EMAIL PROTECTED]
Subject: Split a line with Mutiple data type/lengths
I'm trying to split a line from a PIX Firewall log file and put it into
an array. The log entries look like:
Nov 13 07:28:55 10.0.0.3 %PIX-4-400025: IDS:2154 ICMP ping of death from
123.123.123.123 to 124.124.124.124 on interface outside
Here is the code i've tried:
...............................................................
while ($line = <LOG>) {
if ($line =~ /PIX-4-4000/) { # Match PIX Message ID Type
@fields = split(/ /, $line); # Populate @fields with data
$month{$fields[0]}++; #
$day{$fields[0]." ".$fields[1]}++; # Cat Month and Day
$fields[2] =~ /(\d{2}):/; # Parse Hour from Time
$ltime{$fields[0]." ".$fields[1]." ".$1}++; # Cat Date and Time
$host{$fields[3]}++;
$pixcode{$fields[4]}++;
............etc
.........................................................................
Obviously, split(/ /, $line) doesn't produce the array I really want.
Here is the format of the log entries to parse.
Month Day Time Host PIXcode IDSCode Protocol Description SourceHost To
DestinationHost On Interface InterfaceName
Here are the string details:
Month : Always Three Letters
Day : May be One or Two Digits. If one Digit, it is preceded by and
extra space. i.e. " 9" or "10"
Time: Always the same format
Host : Sometimes IP number, Sometimes Hostname
PIXCode : Always %PIX-4-4000xx:
IDSCode : Always IDS:xxxx
Protocol : If exists, followed by space, Sometimes not there at all
Description : Various string lengths (2 To 6 words)
SourceHost : Always an IP Number
To : Always exists
DestinationHost : Always an IP Number On
Interface : Always exists
InterfaceName : Always One Word
Thanks!
Matt Richter
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
