I couldn't find the answer while googling for a regexp to pull the IP
from my log files, so here I am. I am trying to get the IPs (source and
destination) along with the ports for a summary. WFLOG doesn't cover my
firewall, so I thought I'd try. Code is as follows:
#!/usr/bin/perl
use strict;
use warnings;

# One IPv4 octet (0-255); leading zeros are accepted, as in the sample data
my $octet = qr/(?:25[0-5]|2[0-4]\d|[01]?\d?\d)/;
# Dotted-quad IPv4 address
my $ip = qr/$octet\.$octet\.$octet\.$octet/;

while (defined(my $line = <>))
{
    # Cut newlines off
    chomp($line);
    # Source IP and port, taken from the labelled field. The attack name
    # has a varying number of words, so the field position is not fixed.
    # Lines without a valid src_ip/dst_ip field are skipped.
    my ($source_ip, $source_port) = $line =~ m/\bsrc_ip=($ip):(\d+)\b/
        or next;
    # Destination IP and port
    my ($dest_ip, $dest_port) = $line =~ m/\bdst_ip=($ip):(\d+)\b/
        or next;
    # Take out []- and -'s
    $line =~ s/^\[//;
    $line =~ s/\]//;
    $line =~ s/-//g;
    # Separate fields
    my @parts = split(/\s+/, $line);
    # Get the date info
    my $date = $parts[0];
    # Get the time
    my $time = $parts[1];
    print("*Date: $date Time: $time Source: $source_ip Port: $source_port "
        . "Destination: $dest_ip Port: $dest_port*\n");
}
Here is the data file I am working with:
__DATA__
[10/04/2006 13:18:52.63] Blocked - Port Scan Attack - src_ip=24.123.222.53:28874 - dst_ip=00.000.160.000:1026 - UDP
[10/04/2006 02:20:24.98] Blocked - Winnuke Attack - src_ip=61.110.173.193:1600 - dst_ip=00.000.160.000:139 - TCP