On Tuesday 20 July 2004 10:34 am, [EMAIL PROTECTED] wrote:
> Ok, this may or may not be a tricky one I will try and be succinct in my
> statement.
>
> I have a database (mysql 4.0) with radius log entries for each day, we
> receive emails about Acceptable Use Abuses and must figure out exactly
> who was online with a certain IP address when the abuse occurred. As you
> will see below there are multiple starts and stops for any given IP
> address so here is the scenario:
>
> Problem: Spam Abuse
> IP of offender: 66.50.xxX.245
> Date of offense: 2004-07-05
> Time of offense: 16:15
>
> Now if I query the database based on date and ip address, I get the
> following:
>
> Id      Date        Time      Record Type  Full Name          IP Address
> ======  ==========  ========  ===========  =================  =============
> 349     2004-07-05  11:21:08  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 345     2004-07-05  11:21:09  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 413     2004-07-05  11:22:32  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 118984  2004-07-05  17:22:26  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 149049  2004-07-05  18:36:19  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 90344   2004-07-05  16:09:40  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 90380   2004-07-05  16:09:40  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 97630   2004-07-05  16:28:20  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 97671   2004-07-05  16:28:20  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 97598   2004-07-05  16:28:20  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 149142  2004-07-05  18:36:33  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 310758  2004-07-05  18:36:33  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 117382  2004-07-05  17:18:34  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 117437  2004-07-05  17:18:34  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 117351  2004-07-05  17:18:34  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 118181  2004-07-05  17:20:34  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 807     2004-07-05  11:27:55  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 805     2004-07-05  11:27:56  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 158170  2004-07-05  18:56:54  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 161543  2004-07-05  19:04:02  Stop         [EMAIL PROTECTED]  66.50.xxX.245
> 110780  2004-07-05  17:01:56  Start        [EMAIL PROTECTED]  66.50.xxX.245
> 116436  2004-07-05  17:16:09  Stop         [EMAIL PROTECTED]  66.50.xxX.245
>
> now of course I changed the usernames and modified the IP for this
> mailing but that doesn't matter, now, the time field in the Database IS
> a time data type. What I need to be able to do is find the start before
> the offense time, and the stop after the offense time so I know that the
> person with the start and the stop is the one that committed the abuse.
>
> I haven't actually put code to bits yet, because I am not exactly sure
> how to go about creating this logic code. I don't think I can just say
> if $timefield < time of offense and $timefield > time of offense; return
> some stuff.
>
> So any help on how to start with this would be greatly appreciated.
>
> Chris Hood
> Investigator Verizon Global Security Operations Center
> Email: <mailto:[EMAIL PROTECTED]>
> [EMAIL PROTECTED]
> Desk: 972.399.5900
>
> Verizon Proprietary
>
> NOTICE - This message and any attached files may contain information
> that is confidential and/or subject of legal privilege intended only for
> the use by the intended recipient. If you are not the intended
> recipient or the person responsible for delivering the message to the
> intended recipient, be advised that you have received this message in
> error and that any dissemination, copying or use of this message or
> attachment is strictly forbidden, as is the disclosure of the
> information therein. If you have received this message in error please
> notify the sender immediately and delete the message.

Not sure as I am a newbie also. Can you sort by name, then sort that result by day, then sort that result by time? This I think should give the offense notifications for a particular user..???
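
One way to approach the attribution question in this thread, as an added example that is not part of the original messages: pair each user's Start with the following Stop to build sessions, then keep the sessions whose interval contains the offense time. It assumes the rows for one IP address and one date have already been fetched (for instance with DBI); the usernames are constructed placeholders, and matching Start to Stop by user name is an assumption, since the post shows no session identifier.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample rows: [id, time, record type, user]. Usernames are
# invented; times follow the post, including duplicate Start/Stop records.
my @rows = (
    [ 349,    '11:21:08', 'Start', 'user_a@example.net' ],
    [ 413,    '11:22:32', 'Stop',  'user_a@example.net' ],
    [ 90344,  '16:09:40', 'Start', 'user_b@example.net' ],
    [ 90380,  '16:09:40', 'Start', 'user_b@example.net' ],
    [ 97630,  '16:28:20', 'Stop',  'user_b@example.net' ],
    [ 97671,  '16:28:20', 'Stop',  'user_b@example.net' ],
    [ 110780, '17:01:56', 'Start', 'user_c@example.net' ],
    [ 116436, '17:16:09', 'Stop',  'user_c@example.net' ],
);

# Pair each user's first Start with the next Stop; returns [user, start, stop].
# A session with no Stop on this day gets stop = undef (still open).
sub sessions {
    my @sorted = sort { $a->[1] cmp $b->[1] || $a->[0] <=> $b->[0] } @_;
    my (%open, @out);
    for my $r (@sorted) {
        my (undef, $time, $type, $user) = @$r;
        if ($type eq 'Start') {
            # A duplicate Start for an already open session is ignored.
            $open{$user} = $time unless exists $open{$user};
        }
        elsif ($type eq 'Stop' && exists $open{$user}) {
            # A Stop with no open Start (a duplicate Stop) is skipped.
            push @out, [ $user, delete $open{$user}, $time ];
        }
    }
    push @out, [ $_, $open{$_}, undef ] for sort keys %open;
    return @out;
}

# Sessions whose interval contains the offense time. HH:MM:SS strings from
# the same day compare correctly with the string operators le and ge.
sub online_at {
    my ($when, @sess) = @_;
    return grep { $_->[1] le $when && (!defined $_->[2] || $_->[2] ge $when) } @sess;
}

for my $s (online_at('16:15:00', sessions(@rows))) {
    printf "%s  %s - %s\n", $s->[0], $s->[1], $s->[2] // 'no Stop logged';
}
```

Sessions that cross midnight need the date and time combined into one sortable value before the comparison, and a result listing more than one user for the same moment means the log alone does not settle the attribution.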