Michael Alipio am Freitag, 15. September 2006 09:30:
> Hi,
>
> A log file contains several of these lines:
As formatted below? One log entry consists of three lines, followed by an
empty line?
> session. blablahbla
> blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
> blablabla srcport:3243 blablabla dstport:23 blablabla
>
> session. blablahbla
> blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
> blablabla srcport:3243 blablabla dstport:23 blablabla
>
> session. blablahbla
> blablabla proto:6 blablabla srcip:90.0.0.1 blablabla
> blablabla srcport:3243 blablabla dstport:23 blablabla
>
> basically, for each session, I need to obtain:
> srcip, srcport, dstip, dstport, then do something with
> it, say put it in a table;
>
> So far here's what I got: :-)
Some remarks to what you already have (hint to your actual problem at the end
of this post)
> my $sessionlog = shift @ARGV;
# with error msg:
my $sessionlog = shift @ARGV or die "argument (log file name) missing!";
perldoc -f open
> my $sessioncounter = '0';
# an integer, not a string:
my $sessioncounter = 0;
> my $start;
> my $srcip;
> my $srcport;
> my $dstip;
> my $dstport;
# shorter alternative:
my ($start, $srcip, $srcport, $dstip, $dstport);
# btw, $start has a too wide lexical scoping considered its use (with not much
sense) below.
perldoc -f my
> open SESSIONLOGS, "$sessionlog" or die $!;
# no need to put a single var in double quotes;
# more verbose dying; more explicit file open for reading:
open SESSIONLOGS, '<', $sessionlog or die "can't open log file: $!";
> while (<SESSIONLOGS>){
> if (/^session/){
> $start = "true";
> ++$sessioncounter;
> }
> }
This has not much sense except to count the number of (multi line) log
entries. $start is set, overwritten on every first entry line, and never used
(in the presented code excerpt). After the while loop, it will simply be
false, if the log is not empty and its format correct.
> #the logic I am thinking of here is to:
> #for every line, if it sees the word session and until
> it sees a new one, then mark it as a beggining of a
> session with $start. process the following lines, only
> until it sees another "session" keyword. then store
> all the corresponding regex it see into:
> my $srcip;
> my $srcport;
> my $dstip;
> my $dstport;
>
> the problem is... I'm not sure how to do it. :-)
> can you help we with just some few tips?
> pleaaase...:-)
The key idea is to "redefine" the meaning of a line. You can read a file
in "paragraph mode" (read three lines at a time), see
perldoc -q 'How can I read in a file by paragraphs?'
perldoc perlvar
and then use one regex to catch all of the required data (per entry).
perldoc perlre
and others
Hope this helps
Dani
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
