On Sep 19, 10:07 pm, [EMAIL PROTECTED] (Stephen Reese) wrote:
> I am working on modifying a script that previously parsed Cisco ACL's
> and changing it to parse IPS information.
>
> Here is an example of the two log formats.
>
> Sep 19 15:44:29 172.16.2.1 59800: 3725router: Sep 19 19:44:39: %SEC-6-
> IPACCESSLOGP: list 104 denied udp 93.144.187.255(13157) ->
> 68.156.63.111(49615), 1 packet
> Sep 19 15:44:29 172.16.2.1 59801: 3725router: Sep 19 19:44:40: %IPS-4-
> SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS
> [194.255.113.170:59920 -> 68.156.63.111:49615]
>
> Here is the original script:
> http://www.experts-exchange.com/Programming/Languages/Scripting/Perl/...
>
> Here is what I have been able to come up with. It runs but of course
> there is no output. Any hints about where I should go next to debug
> would be great. Thanks.
>
> #!/usr/bin/perl
> #
You're missing 2 very important pragmas that should be in every script
you write.

use warnings; # reports likely mistakes, e.g. variables used only once
use strict;   # forces you to declare your vars prior to their use.

> #
> # Set behaviour
> $log="/var/log/cisco.log";
my $log = '/var/log/cisco.log';

> $ntop=10;
my $ntop = 10;
my (%quad, %port);

> #
> chomp ($sig=$ARGV[0]);
> if ($sig eq "") { $sig=".*"};
Personally, I'd reduce those 2 lines to:
chomp ( my $sig = $ARGV[0] || '.*' );

>
> open(LOG , "<$log") or die;
It's preferable/better to use a lexical var for the filehandle instead
of the bareword and to use the 3 arg form of open and include the
reason it failed in the die statement.
open my $LOG, '<', $log or die "Can't open $log $!";

> while (<LOG>) {
while (<$LOG>) {
>  if (/SIGNATURE: Sig:$sig Subsig:$subsig Sev:$sev $message \[([0-9.]+):
> ([0-9]+)\s*->\s*([0-9.]+)([0-9]+)\] /)
> {
The warnings pragma will point out the following problems in the
regex.
Name "main::subsig" used only once: possible typo at ....
Name "main::message" used only once: possible typo at ....
Name "main::sev" used only once: possible typo at ....

Once you fix those issues, the script will probably work as expected,
but if not, you'll need to tweak the regex.
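
An added example, not part of the original thread: one way to parse the %IPS-4-SIGNATURE line under strict and warnings, capturing the fields rather than interpolating unset variables into the pattern. The numeric check on the argument, the report() helper, the counter names, and the last two sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Optional signature id to filter on (hypothetical CLI argument); digits only,
# so the argument cannot inject arbitrary regex syntax into the pattern.
my $want = shift @ARGV;
die "signature id must be numeric\n" if defined $want && $want !~ /\A\d+\z/;
my $sig  = defined $want ? $want : '\d+';
my $ntop = 10;

# Capture every field of the IPS message; /x allows the layout and comments.
my $ips_re = qr{
    %IPS-\d-SIGNATURE:\s+
    Sig:($sig)\s+ Subsig:(\d+)\s+ Sev:(\d+)\s+
    (.+?)\s+                                    # signature description
    \[ ([\d.]+) : (\d+) \s*->\s* ([\d.]+) : (\d+) \]
}x;

# Constructed sample input: the two log lines from the post rejoined onto one
# line each, plus two made-up IPS events reusing the same signature.
my @lines = (
    'Sep 19 15:44:29 172.16.2.1 59800: 3725router: Sep 19 19:44:39: %SEC-6-IPACCESSLOGP: list 104 denied udp 93.144.187.255(13157) -> 68.156.63.111(49615), 1 packet',
    'Sep 19 15:44:29 172.16.2.1 59801: 3725router: Sep 19 19:44:40: %IPS-4-SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [194.255.113.170:59920 -> 68.156.63.111:49615]',
    'Sep 19 15:44:31 172.16.2.1 59802: 3725router: Sep 19 19:44:41: %IPS-4-SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [192.0.2.10:40112 -> 68.156.63.111:49615]',
    'Sep 19 15:44:32 172.16.2.1 59803: 3725router: Sep 19 19:44:42: %IPS-4-SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [194.255.113.170:59921 -> 68.156.63.111:49615]',
);

my (%src, %dst, %sigs);
for my $line (@lines) {
    my ($id, $subsig, $sev, $msg, $sip, $sport, $dip, $dpt) = $line =~ $ips_re
        or next;                                # skips ACL and other messages
    $src{$sip}++;
    $dst{"$dip:$dpt"}++;
    $sigs{"$id/$subsig sev $sev: $msg"}++;
}

# Print the $ntop most frequent keys of a counter hash, highest count first.
sub report {
    my ($title, $count) = @_;
    my @keys = sort { $count->{$b} <=> $count->{$a} || $a cmp $b } keys %$count;
    splice @keys, $ntop if @keys > $ntop;
    print "$title\n";
    printf "%6d  %s\n", $count->{$_}, $_ for @keys;
}

report('Top sources',      \%src);
report('Top destinations', \%dst);
report('Signatures',       \%sigs);
```

To read the real file instead of the sample, replace the loop over @lines with the three-argument open and while (<$LOG>) shown above.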

