On 11/9/06, mlist <[EMAIL PROTECTED]> wrote:
I hope this is an easy one (I have a feeling it is).
I'm trying to parse through a single, large firewall log file. I need
to run through a file to get the firewall name and push the associated
data to its own log file. This is what I have so far:
#!/usr/bin/perl
use warnings;
use strict;
open CULIST, "/root/syslog_stuff/CULIST3.txt" or die $!;
open SEPTEMBER, "/var/log/log_netscreen_sep" or die $!;
while (<CULIST>) {
    my $culist = $_;
    print $culist;
    open CU_OUTPUT, ">> /root/syslog_stuff/monthly_logs/sep/$culist" or die $!;
    while (<SEPTEMBER>) {
        my @cuseptember = $_;
        my @breakup = grep(/$culist/, @cuseptember);
        print CU_OUTPUT "@breakup";
        print @breakup;
    }
}
The problem is that when I print @breakup (to either the file or stdin)
nothing shows up. An example of the contents of the two files is:
CULIST3.txt:
SUN9-GT:
SUNM-25:
SVWM-25:
TECM-GT:
TELM-25:
TEPM-25:
TEP-NWEST:
TEP-SPDWY:
TEP-WHTMTN:
TEXM-GT:
TOWER-GT:
/var/log/log_netscreen_sep:
Sep 1 00:00:01 192.168.207.10 BVAM-GT: NetScreen device_id=BVAM-GT [No Name]system-notification-00257(traffic): start_time="2006-09-01 01:42:02" duration=62 policy_id=12 service=syslog proto=17 src zone=Trust dst zone=Untrust action=Tunnel (CSS) sent=400 rcvd=0
Sep 1 00:00:04 192.168.107.249 TPF1-GT: NetScreen device_id=TPF1-GT [No Name]system-notification-00257(traffic): start_time="2006-09-01 00:26:48" duration=20 policy_id=0 service=tcp/port:7800 proto=6 src zone=Trust dst zone=Untrust action=Permit sent=620 rcvd=0
Sep 1 00:00:07 192.168.125.10 MPLSYS: NetScreen device_id=MPLSYS [No Name]system-notification-00257(traffic): start_time="2006-09-01 01:42:11" duration=0 policy_id=320001 service=udp/port:33436 proto=17
Can anybody shed some light on this for me? I'd appreciate it greatly.
Matt
Matt,
A couple of things here. First, you don't perform any modification of
$culist, but the strings in $culist don't appear unmodified in the log
file. The string perl reads into $_ from a file like your example is
e.g. "SUN9-GT:\n". The string in the log file, though, is just
"SUN9-GT". Try something like '$culist =~ tr/:\n//d' or
while (my $culist = <CULIST>) {
    chomp $culist;
    $culist =~ s/(\w+):/$1/;
    # .... the rest of your code
}
Next, grep(). grep takes a list and returns the elements of the list
that match. The 'while (<>)' construct, though, only reads a line at
a time, and you don't seem to be splitting into an array. That makes
grep superfluous. All you need here is:
while (<SEPTEMBER>) {
    chomp;
    print CU_OUTPUT "$_\n\n" if /$culist/;
    print "$_\n\n";
}
HTH,
-- jay
--------------------------------------------------
This email and attachment(s): [ ] blogable; [ x ] ask first; [ ]
private and confidential
daggerquill [at] gmail [dot] com
http://www.tuaw.com http://www.downloadsquad.com http://www.engatiki.org
values of β will give rise to dom!
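
As an added example (not code from either poster), the split can be done in one pass over the log: the device list is loaded into a hash, each line's device_id= value is looked up exactly, and every name is validated before it is used as a file name. The shortened sample data, the temporary output directory and the split_by_device helper are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Constructed sample input, modelled on (and shortened from) the excerpts in the post.
my @culist = ("BVAM-GT:\n", "TPF1-GT:\n", "../etc/passwd:\n");
my @log = (
    qq{Sep 1 00:00:01 192.168.207.10 BVAM-GT: NetScreen device_id=BVAM-GT action=Tunnel sent=400 rcvd=0\n},
    qq{Sep 1 00:00:04 192.168.107.249 TPF1-GT: NetScreen device_id=TPF1-GT action=Permit sent=620 rcvd=0\n},
    qq{Sep 1 00:00:07 192.168.125.10 MPLSYS: NetScreen device_id=MPLSYS proto=17\n},
);

# Hypothetical helper: returns a hash ref of device name => lines written.
sub split_by_device {
    my ($names, $lines, $outdir) = @_;
    my (%want, %fh, %count);
    for (@$names) {
        (my $name = $_) =~ s/:?\s*\z//;      # drop trailing colon and newline
        # The name becomes a file name, so accept only a safe character set.
        unless ($name =~ /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/) {
            warn "skipping unsafe device name in list\n";
            next;
        }
        $want{$name} = 1;
    }
    for my $line (@$lines) {                 # single pass over the log
        my ($dev) = $line =~ /\bdevice_id=(\S+)/ or next;
        next unless $want{$dev};             # exact lookup, no regex interpolation
        unless ($fh{$dev}) {
            my $path = File::Spec->catfile($outdir, "$dev.log");
            # Three-argument open: mode and path cannot be confused.
            open(my $h, '>>', $path) or die "open $path: $!";
            $fh{$dev} = $h;
        }
        print { $fh{$dev} } $line;
        $count{$dev}++;
    }
    close $_ for values %fh;
    return \%count;
}

my $dir   = tempdir(CLEANUP => 1);           # assumption: throwaway output directory
my $count = split_by_device(\@culist, \@log, $dir);
print "$_: $count->{$_} line(s)\n" for sort keys %$count;
```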