help with reading file script | Help !!
Hi all !!

I'm really new to perl so please bear with me and help..

I need a script to read /var/log messages and each time it sees a line with the word "IDS" it will send the whole line via mail to the administrator of the IDS, here is an example of such a line:

Oct 19 15:40:30 172.31.0.254 %PIX-4-400011: IDS:2001 ICMP unreachable from 200.69.22.146 to 200.61.54.55 on interface outside

I wrote this script:

#!/usr/local/bin/perl

$file = '/var/log/messages'; # Name the file
open(INFO, "/var/log/messages"); # Open the file

while
$message = / IDS/g {# Read it into an array
$ message = $&

sub sendEmail # simple Email function

my $sendmail = '/usr/lib/sendmail';
open(MAIL, "|$sendmail -oi -t");
print MAIL "From: [EMAIL PROTECTED]";
print MAIL "To: [EMAIL PROTECTED]";
print MAIL "Subject: Pix IPS Attck Detection\n\n";
print MAIL "$message\n";
close(MAIL);
}

It doesn't work and I don't know why... can someone help?

Another question, how to execute this script so it will be in memory of the server all the time? Should I run it through rc.local?

thanks a lot for helping me !!

thanks !

Juan

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
Re: help with reading file script | Help !!
You may want to consider using a mod for the mailer. I usually use Mail::Mailer for a task such as this.

use strict;
use warnings;

Good practice.

Chance Ervin
Senior Systems Engineer
Intelenet Communications NOC
949 784-7911
[EMAIL PROTECTED]

On Fri, 19 Oct 2007 14:14:44 -0700 "Tom Phoenix" <[EMAIL PROTECTED]> wrote:

> On 10/19/07, Juan B <[EMAIL PROTECTED]> wrote:
>
> > I need a script to read /var/log messages and each
> > time it sees a line with the word "IDS" it will send
> > the whole line via mail to the administrator
>
> > #!/usr/local/bin/perl
> >
> > $file = '/var/log/messages'; # Name the file
> > open(INFO, "/var/log/messages"); # Open the file
> >
> > while
> > $message = / IDS/g {# Read it
> > into an array
> > $ message = $&
>
> It started out as a Perl program, but something bad happened to it.
> What array is the comment misleading us about? The syntax for a while
> loop is covered in the perlsyn manpage.
>
> > sub sendEmail # simple Email function
> >
> > my $sendmail = '/usr/lib/sendmail';
> > open(MAIL, "|$sendmail -oi -t");
> > print MAIL "From: [EMAIL PROTECTED]";
> > print MAIL "To: [EMAIL PROTECTED]";
>
> Well, this looks like you copied it from somebody else. Nothing wrong
> with that, although there are better ways than piping to sendmail. But
> if you had turned on warnings, Perl would have warned you about putting
> those e-mail addresses in double-quotes. You don't really have an array
> named @hpda, do you?
>
> > It doesn't work and I don't know why... can someone
> > help?
>
> You can ask Perl to help you diagnose your problems by asking for
> warnings. Most people recommend that each program have these lines near
> the start:
>
> use strict;
> use warnings;
>
> When you get a message that you can't fix, find advice about it in the
> perldiag manpage.
>
> > another question, how to execute this script so it
> > will be in memory of the server all the time? should I
> > run it through rc.local?
>
> No! Not until it's debugged, at least. But staying in memory seems
> excessive. In any case, your administrator doesn't want to get each
> message by e-mail the very instant it appears, because that would
> require each line to be sent in its own e-mail message, giving the
> administrator perhaps thousands of messages during a crisis (and,
> possibly, causing a crisis of its own). It sounds more like a cron task
> to me; your program should send a batch of new entries as a single
> message (if needed) whenever it wakes up, and you can easily configure
> it to wake up every 30 minutes, or whatever.
>
> Cheers!
>
> --Tom Phoenix
> Stonehenge Perl Training
Re: help with reading file script | Help !!
On 10/19/07, Juan B <[EMAIL PROTECTED]> wrote:

> I need a script to read /var/log messages and each
> time it sees a line with the word "IDS" it will send
> the whole line via mail to the administrator

> #!/usr/local/bin/perl
>
> $file = '/var/log/messages'; # Name the file
> open(INFO, "/var/log/messages"); # Open the file
>
> while
> $message = / IDS/g {# Read it
> into an array
> $ message = $&

It started out as a Perl program, but something bad happened to it. What array is the comment misleading us about? The syntax for a while loop is covered in the perlsyn manpage.

> sub sendEmail # simple Email function
>
> my $sendmail = '/usr/lib/sendmail';
> open(MAIL, "|$sendmail -oi -t");
> print MAIL "From: [EMAIL PROTECTED]";
> print MAIL "To: [EMAIL PROTECTED]";

Well, this looks like you copied it from somebody else. Nothing wrong with that, although there are better ways than piping to sendmail. But if you had turned on warnings, Perl would have warned you about putting those e-mail addresses in double-quotes. You don't really have an array named @hpda, do you?

> It doesn't work and I don't know why... can someone
> help?

You can ask Perl to help you diagnose your problems by asking for warnings. Most people recommend that each program have these lines near the start:

use strict;
use warnings;

When you get a message that you can't fix, find advice about it in the perldiag manpage.

> another question, how to execute this script so it
> will be in memory of the server all the time? should I
> run it through rc.local?

No! Not until it's debugged, at least. But staying in memory seems excessive. In any case, your administrator doesn't want to get each message by e-mail the very instant it appears, because that would require each line to be sent in its own e-mail message, giving the administrator perhaps thousands of messages during a crisis (and, possibly, causing a crisis of its own). It sounds more like a cron task to me; your program should send a batch of new entries as a single message (if needed) whenever it wakes up, and you can easily configure it to wake up every 30 minutes, or whatever.

Cheers!

--Tom Phoenix
Stonehenge Perl Training
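An added example, not code from any poster in this thread: a cron-run Perl script that follows the batching advice above and mails every new "IDS" line since its last run as one message. The state-file path and the administrator address are placeholders assumed for illustration, and log rotation is detected only by the file having shrunk.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $log   = shift(@ARGV) // '/var/log/messages';         # log named in the thread
my $state = shift(@ARGV) // '/var/lib/ids-mail/offset';  # assumed path, not world-writable
my $admin = 'ids-admin@example.com';   # placeholder; single quotes keep @ literal

# Offset saved by the previous run (0 on the first run or a bad state file).
my $offset = 0;
if (open my $st, '<', $state) {
    my $saved = <$st>;
    $offset = $1 if defined $saved && $saved =~ /^(\d+)$/;
    close $st;
}

open my $in, '<', $log or die "Cannot open $log: $!";
# A saved offset beyond the end means the log was rotated or truncated.
$offset = 0 if $offset > (-s $in);
seek $in, $offset, 0 or die "Cannot seek in $log: $!";

my @hits;
while (my $line = <$in>) {
    last unless $line =~ /\n\z/;    # half-written last line: pick it up next run
    $offset = tell $in;
    push @hits, $line if $line =~ /\bIDS\b/;
}
close $in;

if (@hits) {
    # List-form pipe open runs sendmail directly, with no shell in between.
    open my $mail, '|-', '/usr/lib/sendmail', '-oi', '-t'
        or die "Cannot run sendmail: $!";
    # Log text goes only in the body; never copy it into a header.
    print {$mail} "From: $admin\n",
                  "To: $admin\n",
                  "Subject: PIX IDS: " . scalar(@hits) . " new event(s)\n\n",
                  @hits;
    close $mail or die "sendmail exited with status $?";
}

# Save the offset only after the batch was handed to sendmail, so a failed
# send is retried on the next run instead of being silently skipped.
open my $out, '>', $state or die "Cannot write $state: $!";
print {$out} "$offset\n";
close $out or die "Cannot close $state: $!";
```

Scheduled from cron at the interval the reply suggests (every 30 minutes, or whatever), a run that finds no new matching lines sends nothing.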