help with reading file script | Help !!

2007-10-19 Thread Juan B
Hi all !!

I'm really new to perl so please bear with me and
help..

I need a script to read /var/log messages and each
time it sees a line with the word "IDS" it will send
the whole line via mail to the administrator of the
IDS, here is an example of such a line:
Oct 19 15:40:30 172.31.0.254 %PIX-4-400011: IDS:2001
ICMP unreachable from 200.69.22.146 to 200.61.54.55 on
interface outside

I wrote this script:

#!/usr/local/bin/perl

$file = '/var/log/messages';  # Name the file
open(INFO, "/var/log/messages");   # Open the file

while
$message =  / IDS/g {# Read it
into an array
 $ message = $&


 sub sendEmail # simple Email function

 my $sendmail = '/usr/lib/sendmail';
 open(MAIL, "|$sendmail -oi -t");
 print MAIL "From: [EMAIL PROTECTED]";
 print MAIL "To: [EMAIL PROTECTED]";
 print MAIL "Subject: Pix IPS Attck Detection\n\n";
 print MAIL "$message\n";
 close(MAIL);
 }

It doesn't work and I don't know why... can someone
help?

another question, how to execute this script so it
will be in memory of the server all the time? should I
run it through rc.local?

thanks a lot for helping me !!

thanks !

Juan



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/




Re: help with reading file script | Help !!

2007-10-19 Thread Chance Ervin

You may want to consider using a mod for the mailer.
I usually use Mail::Mailer for a task such as this.

use strict;
use warnings;

Good practice.


Chance Ervin
Senior Systems Engineer
Intelenet Communications

NOC 949 784-7911
[EMAIL PROTECTED]

On Fri, 19 Oct 2007 14:14:44 -0700
 "Tom Phoenix" <[EMAIL PROTECTED]> wrote:
> On 10/19/07, Juan B <[EMAIL PROTECTED]> wrote:
>
> > I need a script to read /var/log messages and each
> > time it sees a line with the word "IDS" it will send
> > the whole line via mail to the administrator
>
> > #!/usr/local/bin/perl
> >
> > $file = '/var/log/messages';  # Name the file
> > open(INFO, "/var/log/messages");   # Open the file
> >
> > while
> > $message =  / IDS/g {# Read it
> > into an array
> >  $ message = $&
>
> It started out as a Perl program, but something bad happened to it.
> What array is the comment misleading us about? The syntax for a while
> loop is covered in the perlsyn manpage.
>
> >  sub sendEmail # simple Email function
> >
> >  my $sendmail = '/usr/lib/sendmail';
> >  open(MAIL, "|$sendmail -oi -t");
> >  print MAIL "From: [EMAIL PROTECTED]";
> >  print MAIL "To: [EMAIL PROTECTED]";
>
> Well, this looks like you copied it from somebody else. Nothing wrong
> with that, although there are better ways than piping to sendmail. But
> if you had turned on warnings, Perl would have warned you about
> putting those e-mail addresses in double-quotes. You don't really have
> an array named @hpda, do you?
>
> > It doesn't work and I don't know why... can someone
> > help?
>
> You can ask Perl to help you diagnose your problems by asking for
> warnings. Most people recommend that each program have these lines
> near the start:
>
>   use strict;
>   use warnings;
>
> When you get a message that you can't fix, find advice about it in the
> perldiag manpage.
>
> > another question, how to execute this script so it
> > will be in memory of the server all the time? should I
> > run it through rc.local?
>
> No! Not until it's debugged, at least. But staying in memory seems
> excessive. In any case, your administrator doesn't want to get each
> message by e-mail the very instant it appears, because that would
> require each line to be sent in its own e-mail message, giving the
> administrator perhaps thousands of messages during a crisis (and,
> possibly, causing a crisis of its own).
>
> It sounds more like a cron task to me; your program should send a
> batch of new entries as a single message (if needed) whenever it wakes
> up, and you can easily configure it to wake up every 30 minutes, or
> whatever.
>
> Cheers!
>
> --Tom Phoenix
> Stonehenge Perl Training




Re: help with reading file script | Help !!

2007-10-19 Thread Tom Phoenix
On 10/19/07, Juan B <[EMAIL PROTECTED]> wrote:

> I need a script to read /var/log messages and each
> time it sees a line with the word "IDS" it will send
> the whole line via mail to the administrator

> #!/usr/local/bin/perl
>
> $file = '/var/log/messages';  # Name the file
> open(INFO, "/var/log/messages");   # Open the file
>
> while
> $message =  / IDS/g {# Read it
> into an array
>  $ message = $&

It started out as a Perl program, but something bad happened to it.
What array is the comment misleading us about? The syntax for a while
loop is covered in the perlsyn manpage.

>  sub sendEmail # simple Email function
>
>  my $sendmail = '/usr/lib/sendmail';
>  open(MAIL, "|$sendmail -oi -t");
>  print MAIL "From: [EMAIL PROTECTED]";
>  print MAIL "To: [EMAIL PROTECTED]";

Well, this looks like you copied it from somebody else. Nothing wrong
with that, although there are better ways than piping to sendmail. But
if you had turned on warnings, Perl would have warned you about
putting those e-mail addresses in double-quotes. You don't really have
an array named @hpda, do you?

> It doesn't work and I don't know why... can someone
> help?

You can ask Perl to help you diagnose your problems by asking for
warnings. Most people recommend that each program have these lines
near the start:

  use strict;
  use warnings;

When you get a message that you can't fix, find advice about it in the
perldiag manpage.

> another question, how to execute this script so it
> will be in memory of the server all the time? should I
> run it through rc.local?

No! Not until it's debugged, at least. But staying in memory seems
excessive. In any case, your administrator doesn't want to get each
message by e-mail the very instant it appears, because that would
require each line to be sent in its own e-mail message, giving the
administrator perhaps thousands of messages during a crisis (and,
possibly, causing a crisis of its own).

It sounds more like a cron task to me; your program should send a
batch of new entries as a single message (if needed) whenever it wakes
up, and you can easily configure it to wake up every 30 minutes, or
whatever.

Cheers!

--Tom Phoenix
Stonehenge Perl Training

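
Added example, not part of any post in this thread: one way to write the cron-driven batch mailer the last reply describes, sending all new "IDS:" lines since the previous run as a single message. The addresses, the state-file path, the crontab line and the IDS_DRY_RUN switch are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: mail new PIX IDS log lines as ONE batch per run.
# Assumed crontab line (script path is hypothetical):
#   */30 * * * * /usr/local/bin/ids-batch.pl
use strict;
use warnings;

# Assumptions: example.com addresses and the state-file location.
my $log   = $ARGV[0] // '/var/log/messages';
my $state = $ARGV[1] // '/var/tmp/ids-batch.offset';
my $from  = 'ids-report@example.com';   # single quotes: no @array interpolation
my $to    = 'ids-admin@example.com';
# IDS_DRY_RUN=1 (assumed switch) pipes the message to cat instead of sendmail.
my @mailer = $ENV{IDS_DRY_RUN} ? ('cat') : ('/usr/lib/sendmail', '-oi', '-t');

# Where did the previous run stop reading?
my $offset = 0;
if (open my $st, '<', $state) {
    my $saved = <$st>;
    $offset = $1 if defined $saved && $saved =~ /^(\d+)$/;
    close $st;
}

open my $in, '<', $log or die "Cannot open $log: $!";
$offset = 0 if $offset > (-s $in);    # log rotated or truncated: start over
seek $in, $offset, 0 or die "Cannot seek in $log: $!";

my @hits;
while (my $line = <$in>) {
    last unless $line =~ /\n\z/;      # half-written last line: read it next run
    $offset = tell $in;
    push @hits, $line if $line =~ /\bIDS:\d+/;   # e.g. "%PIX-4-400011: IDS:2001 ..."
}
close $in;

if (@hits) {
    # List-form pipe open runs the mailer directly, with no shell in between.
    open my $mail, '|-', @mailer or die "Cannot run $mailer[0]: $!";
    print {$mail} "From: $from\n", "To: $to\n",
        'Subject: PIX IDS: ' . @hits . " new event(s)\n\n", @hits;
    close $mail or die "Mailer failed: status $?";
}

# Save the new position only after the batch was handed to the mailer.
open my $out, '>', $state or die "Cannot write $state: $!";
print {$out} "$offset\n";
close $out or die "Cannot close $state: $!";
```

To try it without sending mail, run it with IDS_DRY_RUN=1 and pass a test log file and a scratch state file as the two arguments.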