Craig Hammer wrote:
>
> Take a look at this script. I created it to read my firewall log files, and
> then give me a sort and count per unique address. You could substitute a
> more traditional grep in place of the substitution I use.
>
>
> opendir(DIR, "/clog1") || die("Unable to open logdir: $!");
> @dirlist = readdir(DIR);
> closedir(DIR) || die("Unable to close logdir");
>
> open(OUTFILE, ">/home/chammer/scan_rpt") || die("Unable to open outfile: $!");
       ^^^^^^^
You never output anything to this file handle.
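> for $ent ( @dirlist ) {
>
>   if ( $ent =~ /fw/ ) {
>     open(LOGFILE, "</clog1/$ent") || die("Unable to open log for read access:
>$!");
>     while ( <LOGFILE> ) {
>       chomp ;
>       if ( $_ =~ /Deny inbound.*outside/ ) {
>         $_ =~ s/^.*src outside:([0-9.]+).*dst.*/\1/ ;
>       }
>       elsif ( $_ =~ /IP packet/ ) {
>         $_ =~ s/^.*from ([0-9.]+) to.*/\1/ ;
>       }
>       else {
>         next ;
>       }
>       if ( exists ( $iphash{$_} ) ) {
>         $iphash{$_}{count} ++ ;
>       } else {
>         $iphash{$_}{count} = 1 ;
>       }
>     }
>     close(LOGFILE) || die("Unable to close log: $!");
>   }
>   else {
>     next ;
>   }
> }
>
> while ( keys ( %iphash ) > 0 ) {
>   $hc = 0 ;
>   while (($k,$v) = each ( %iphash )) {
>     if ( $v->{count} > $hc ) {
>       $hc = $v->{count} ;
>       $hi = $k ;
>     }
>   }
>   printf ( "%s - %s\n" , $hi , $iphash{$hi}{count} ) ;
>   delete ( $iphash{$hi} ) ;
> }
>
> exit ;

You are doing _way too much_ work there. :-) This does the same thing:

#!/usr/bin/perl -w
# Count firewall log entries per source address and print the addresses,
# busiest first.
use strict;
use warnings;

my $dir = '/clog1';
# $out not used?
# my $out = '/home/chammer/scan_rpt';

opendir my $dh, $dir or die "Unable to open $dir: $!";
# only want files with 'fw' in the name (. and .. can never match /fw/)
my @dirlist = grep { /fw/ } readdir $dh;
closedir $dh or die "Unable to close $dir: $!";

# $out not used?
# open my $outfh, '>', $out or die "Unable to open $out: $!";

my %iphash;    # source address => number of matching log lines
for my $ent ( @dirlist ) {
    # Three-arg open with an explicit '<': the name comes from readdir, and
    # two-arg open would let characters in a file name choose the open mode.
    open my $log, '<', "$dir/$ent"
        or die "Unable to open $dir/$ent for read access: $!";
    while ( <$log> ) {
        # Each message type has its own address field, as in the original.
        my $ip;
        if ( /Deny inbound.*outside/ ) {
            ($ip) = /src outside:([\d.]+).*dst/;
        }
        elsif ( /IP packet/ ) {
            ($ip) = /from ([\d.]+) to/;
        }
        # Skip other message types and lines where no address was found.
        next unless defined $ip;
        $iphash{$ip}++;
    }
    close $log or die "Unable to close $dir/$ent: $!";
}

# Highest count first, like the original report; ties ordered by address
# string so the output is repeatable.  Logged source addresses can be
# spoofed, so the counts are a triage aid rather than attribution.
for my $ip ( sort { $iphash{$b} <=> $iphash{$a} or $a cmp $b } keys %iphash ) {
    print "$ip - $iphash{$ip}\n";
    # should we print to $out?
    # print {$outfh} "$ip - $iphash{$ip}\n";
}

__END__

John
-- 
use Perl;
program
fulfillment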