Hello everyone,
I'm parsing a Logwatch report I get daily from my server and have hit
a snag. I'd like to grab everything between the "pam_unix Begin" line
and the "pam_unix End" line.
--------------------- pam_unix Begin ------------------------
sshd:
Invalid Users:
Unknown Account: 17 Time(s)
Authentication Failures:
admin (ym74043.ym.edu.tw ): 4 Time(s)
root (ym74043.ym.edu.tw ): 3 Time(s)
unknown (ym74043.ym.edu.tw ): 17 Time(s)
---------------------- pam_unix End -------------------------
The code I have is (assuming the entire report is in $body):
$body =~ /
\-+\spam_unix\sBegin\s\-+
\((.*)\s*\) #matchline
\-+\spam_unix\sEnd\s\-+
/sx;
I'm trying to grab "ym7403.ym.edu.tw" from each line after
"Authentication Failures".
I've also tried using this as the "matchline":
\(([A-Za-z0-9.])\s*\)
Yes, I realize I'll need to put either + or * at the end of the
"matchline" to get the multiple matches I'm seeking.
Another approach I'd thought about was (pseudo code):
while body
start and continue pushing lines onto array if pam_unix Begin
stop pushing lines onto array if pam_unix End
I know this is extremely simple, but I just can't seem to figure it out.
Anyone have ideas?
Thanks,
Kevin
--
Kevin Old
[EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
