> I don't see where you're printing $x to check.

Jay, I probably was not and do not know how to :-).

> Assuming you have actually checked $x, though, the important question
> isn't whether $x == `grep -c regex /your/log/file`.
>
> The important question is whether $x == scalar keys %srca.
>
> If those two match, then you still have a problem with your regex,
> somewhere. Remember that Perl regex is very different from grep, and
> if you are using the same RE in both, you will get different results.
> In particular, all those /\s*/ may be grabbing more than you think they
> are. You also seem to possibly have an extra unescaped ']' in the
> middle of the pattern (which leads me to ask: you do have warnings
> turned on, right?).

I understand what you're getting at here. Hmm I guess the extra ']'
isn't causing a problem since warnings are turned on.

> On the other hand, if $x != scalar keys %srca (or scalar keys %quad),
> then you are incrementing $x more often than you think, possibly
> somewhere else in the program.
>
> $x is probably just superfluous and distracting, anyway. The number of
> key/value pairs in %srca, %quad, or %port will tell you how many times
> your regex matched.
>
> In fact, why bother with hashes at all, here? You're just using them
> to keep track of order. That's not what hashes are for. That's what
> ordered lists (arrays) are for:
>
>    my (@srca, @quad, @port );
>
>    while (<LOG>) {
>        next unless
> /Sig:\s*(\d+)\s+Subsig:\s*(\d+)\s+Sev:\s*(\d+)([^\[]+)\[([\d\.]+):(\d+)\s*->\s*([\d\.]+):(\d+)\]/;
>        push @srca, $5;
>        push @quad, sprintf '%-16s -> %-16s Port %-6s %-s', $5, $7, $8, $4;
>        push @port, sprintf 'Sig %-6s Severity %-2s', $1, $3;   # $3 is Sev; $2 is Subsig
>    }
>
>    my $i = 0;
>    print ++$i, ": $_\n" foreach sort {$a <=> $b} @srca;
>
> HTH,
>
> -- jay

I tried this method using an array instead of hash. It is finding the
correct total number of values (when compared to my grep findings...)
and printing all of them whereas I'm looking to count the number of
matches for each regex. Would you recommend just using an 'if' or
should I continue using the 'foreach' statements to get this
functionality?

Another issue seems to be non-numeric characters (doesn't seem to like
IP address or strings) that are used for the regex whereas the hash
example didn't complain if it was used as part of the search.
"Argument "124.106.196.121  -> 68.156.63.118    Port 49613   TCP
Co..." isn't numeric in sort at ./ips-parse.pl line 73, <LOG> line
172693." If I have it select just a numeric entity such as port it's
fine but then comes the issue of how do you get the rest of the data to
print/formatted if non-numeric data can't be contained in the array?

Here's the type of data that is in the regex:
#SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS
[78.86.215.221:59921 -> 68.156.63.118:49613]
#        my $sig = $1;
#        my $subsig = $2;
#        my $sev = $3;
#        my $message = $4;
#        my $sip = $5;
#        my $sport = $6;
#        my $dip = $7;
#        my $dport = $8;

Thank you and everyone in advance for the help. I imagine it can be
frustrating explaining something that may be done ten different ways
to a beginner...
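
An added example, not part of the original thread: one way to get per-value counts and a warning-free sort from the log format quoted above, using hashes as counters and an array for order. It assumes each log entry sits on a single line; the helper name ip_key and all sample lines except the first are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Capture order follows the message: sig, subsig, sev, message, sip, sport, dip, dport.
my $re = qr/Sig:\s*(\d+)\s+Subsig:\s*(\d+)\s+Sev:\s*(\d+)\s+([^\[]+?)\s*
            \[([\d.]+):(\d+)\s*->\s*([\d.]+):(\d+)\]/x;

my (%by_src, %by_sig, @events);
my $unmatched = 0;

while (my $line = <DATA>) {          # a real script would read <LOG> here
    unless ($line =~ $re) { $unmatched++; next }
    my ($sig, $subsig, $sev, $msg, $sip, $dip, $dport) = ($1, $2, $3, $4, $5, $7, $8);
    $by_src{$sip}++;                 # hash as counter: one key per distinct value
    $by_sig{"$sig/$subsig sev $sev"}++;
    push @events, sprintf '%-16s -> %-16s Port %-6s %s', $sip, $dip, $dport, $msg;
}

# Zero-pad each octet so string comparison (cmp) orders dotted quads correctly.
# Sorting such strings with <=> is what produces "isn't numeric in sort".
sub ip_key { join '.', map { sprintf '%03d', $_ } split /\./, shift }

print "Matches per source address:\n";
printf "  %-16s %d\n", $_, $by_src{$_}
    for sort { $by_src{$b} <=> $by_src{$a} or ip_key($a) cmp ip_key($b) } keys %by_src;

print "Matches per signature:\n";
printf "  %-20s %d\n", $_, $by_sig{$_}
    for sort { $by_sig{$b} <=> $by_sig{$a} or $a cmp $b } keys %by_sig;

print "Events in log order:\n";
my $i = 0;
print ++$i, ": $_\n" for @events;    # strings print fine; only <=> needs numbers
print "Lines that did not match: $unmatched\n";

# Sample input: the first line is the one quoted in the message, the rest are constructed.
__DATA__
Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [78.86.215.221:59921 -> 68.156.63.118:49613]
Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [192.0.2.10:40112 -> 198.51.100.7:443]
Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [192.0.2.10:40113 -> 198.51.100.7:443]
Sig:9999 Subsig:0 Sev:2 Constructed Example Event [192.0.2.9:1024 -> 198.51.100.7:80]
a line in some other format that the pattern does not match
```

The unmatched counter gives a number to compare against the grep -c total, so lines the Perl pattern skips show up instead of silently disappearing.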
