I'm trying to split a line from a PIX Firewall log file and put it into an array. The log entries look like: Nov 13 07:28:55 10.0.0.3 %PIX-4-400025: IDS:2154 ICMP ping of death from 123.123.123.123 to 124.124.124.124 on interface outside
Here is the code i've tried: .............................................................. while ($line = <LOG>) { if ($line =~ /PIX-4-4000/) { # Match PIX Message ID Type @fields = split(/ /, $line); # Populate @fields with data $month{$fields[0]}++; # $day{$fields[0]." ".$fields[1]}++; # Cat Month and Day $fields[2] =~ /(\d{2}):/; # Parse Hour from Time $ltime{$fields[0]." ".$fields[1]." ".$1}++; # Cat Date and Time $host{$fields[3]}++; $pixcode{$fields[4]}++; ............etc ........................................................................ Obviously, split(/ /, $line) doesn't produce the array I really want. Here is the format of the log entries to parse. Month Day Time Host PIXcode IDSCode Protocol Description SourceHost To DestinationHost On Interface InterfaceName Here are the string details: Month : Always Three Letters Day : May be One or Two Digits. If one Digit, it is preceded by and extra space. i.e. " 9" or "10" Time: Always the same format Host : Sometimes IP number, Sometimes Hostname PIXCode : Always %PIX-4-4000xx: IDSCode : Always IDS:xxxx Protocol : If exists, followed by space, Sometimes not there at all Description : Various string lengths (2 To 6 words) SourceHost : Always an IP Number To : Always exists DestinationHost : Always an IP Number On Interface : Always exists InterfaceName : Always One Word Thanks! Matt Richter -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]