On 09/14/2006 11:04 PM, Michael Alipio wrote:
Hi,
A log file contains several of these lines:
session. blablahbla
blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
blablabla srcport:3243 blablabla dstport:23 blablabla
session. blablahbla
blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
blablabla srcport:3243 blablabla dstport:23 blablabla
session. blablahbla
blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
blablabla srcport:3243 blablabla dstport:23 blablabla
basically, for each session, I need to obtain:
srcip, srcport, dstip, dstport, then do something with
it, say put it in a table;
So far here's what I got: :-)
my $sessionlog = shift @ARGV;
my $sessioncounter = '0';
my $start;
my $srcip;
my $srcport;
my $dstip;
my $dstport;
open SESSIONLOGS, "$sessionlog" or die $!;
while (<SESSIONLOGS>){
if (/^session/){
$start = "true";
++$sessioncounter;
}
}
[...]
This is how I might do it; however, the dstip's are not in the
data you posted:
use strict;
use warnings;
use IO::Scalar;
my $data = q{
session. blabfirst
blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
blablabla srcport:3243 blablabla dstport:23 blablabla
session. blabsecond
blablabla proto:6 blablabla srcip:90.0.0.2 blablabla
blablabla srcport:3244 blablabla dstport:23 blablabla
session. blabthird
blablabla proto:6 blablabla srcip:90.0.0.3 blablabla
blablabla srcport:3245 blablabla dstport:23 blablabla
};
local $/ = '';
my $fh = new IO::Scalar \$data;
while (my $record = <$fh>) {
my %extr;
for (qw(srcip srcport dstport dstip)) {
$extr{$_} = '';
$extr{$_} = $1 if $record =~ /$_:([\d.]+)/;
}
print "$extr{srcip}|$extr{srcport}|$extr{dstip}|".
"$extr{dstport}\n";
}
$fh->close;
----------end program-------
Notice that I set $/ to '' so that entire records would be
grabbed at once.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
