I am writing a perl script to parse some firewall logs and I think that there may be a better way of doing something than the one that I know.
Syslog messages look as follows (IP addresses have been changed to protect the innocent):
%PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 flags PSH ACK on interface outside
The info that I want to pull out of that line is source IP, source port, dest IP, dest port and flags (if any). The problem is that the flags can have from 0 to 6 values (SYN ACK PSH URG RST FIN). I have the following code that does it, but it is not very efficient.
open LOGFILE, '<', $ARGV[0] or die "open: $!";   # log file name taken from the command line (not in the original)
while (<LOGFILE>) {
    s/\// /g;                      # turn 1.1.1.1/80 into "1.1.1.1 80" so IP and port become separate fields
    my @line = split ' ', $_;      # split on whitespace (the map around split was redundant)
    print "$line[6] ";             # source IP
    print "$line[7] ";             # source port
    print "$line[9] ";             # destination IP
    print "$line[10] ";            # destination port
    # Flag fields: print each one until the literal word "on" is reached.
    # For the message format shown above the flags start at field 12 (the
    # original used 15..21, which lands on "interface outside"), and "on" must
    # be quoted: a bare on is a bareword, not a string.
    if ( $line[12] ne 'on' ) {
        print "$line[12] ";
        if ( $line[13] ne 'on' ) {
            print "$line[13] ";
            if ( $line[14] ne 'on' ) {
                print "$line[14] ";
                if ( $line[15] ne 'on' ) {
                    print "$line[15] ";
                    if ( $line[16] ne 'on' ) {
                        print "$line[16] ";
                        if ( $line[17] ne 'on' ) {
                            print "$line[17] ";
                        }
                    }
                }
            }
        }
    }
    print "\n";
}
close LOGFILE;

I guess I am just looking for better ways to parse this line. Does anyone have any ideas?
Kevin
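A regex-based alternative to the fixed-index approach, added here as an example; it is not part of Kevin's post. It assumes every 106015 message has the shape shown above, ending in "flags ... on interface <name>", and it matches on the message ID rather than the start of the line, so any syslog timestamp/hostname prefix is ignored. The sample lines, hostnames and the parse_106015 function name are constructed for the example.

```perl
#!/usr/bin/perl
# Added example: parse PIX-6-106015 deny messages with one anchored regex
# instead of positional field indices. Sample input below is constructed.
use strict;
use warnings;

# The six flag names the message can carry (0 to 6 of them per line)
my @KNOWN_FLAGS = qw(SYN ACK PSH URG RST FIN);
my %IS_FLAG = map { $_ => 1 } @KNOWN_FLAGS;

# Parse one syslog line. Returns a hashref of fields, or nothing if the line
# is not a 106015 message, so callers skip lines they cannot interpret
# instead of printing whatever happens to sit at a given field position.
sub parse_106015 {
    my ($line) = @_;
    return unless $line =~ m{
        %PIX-\d-106015:\s+Deny\s+(\w+)\s+\(no\s+connection\)\s+
        from\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d+)\s+
        to\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d+)\s+
        flags\s+(.*?)\s*on\s+interface\s+(\S+)
    }x;
    my ($proto, $src, $sport, $dst, $dport, $flagstr, $iface) =
        ($1, $2, $3, $4, $5, $6, $7);
    # The lazy (.*?) captures zero or more words between "flags" and "on",
    # which covers the 0..6 flag case without nested ifs. Anything that is
    # not a known flag is kept separately rather than silently dropped.
    my @words   = split ' ', $flagstr;
    my @flags   = grep {  $IS_FLAG{$_} } @words;
    my @unknown = grep { !$IS_FLAG{$_} } @words;
    return {
        proto => $proto, src => $src, sport => $sport,
        dst   => $dst,   dport => $dport, iface => $iface,
        flags => \@flags, unknown_flags => \@unknown,
    };
}

# Constructed sample input standing in for the log file; in the real script
# this loop would read from <LOGFILE> instead.
my @sample = (
    'Jan 10 12:00:01 fw1 %PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 flags PSH ACK on interface outside',
    'Jan 10 12:00:02 fw1 %PIX-6-106015: Deny TCP (no connection) from 3.3.3.3/443 to 2.2.2.2/1025 flags on interface outside',
    'Jan 10 12:00:03 fw1 %PIX-6-302013: Built inbound TCP connection 12 for outside:1.1.1.1/80 (1.1.1.1/80) to inside:2.2.2.2/2699 (2.2.2.2/2699)',
);

for my $line (@sample) {
    my $rec = parse_106015($line) or next;   # non-106015 lines are skipped
    printf "%s %s:%s -> %s:%s [%s] on %s\n",
        $rec->{proto}, $rec->{src}, $rec->{sport}, $rec->{dst}, $rec->{dport},
        join(' ', @{ $rec->{flags} }) || 'none', $rec->{iface};
    warn "unrecognised flag words: @{ $rec->{unknown_flags} }\n"
        if @{ $rec->{unknown_flags} };
}
```

The first sample line prints "TCP 1.1.1.1:80 -> 2.2.2.2:2699 [PSH ACK] on outside", the second prints "[none]", and the third is skipped. Because the match is anchored on the message ID and on the literal "flags ... on interface" words, a change in the syslog prefix width does not shift the fields, and a line that does not fit the expected format is rejected rather than mis-parsed, which is the property you want before feeding the output into anything that makes blocking or alerting decisions.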
