On Mon, 2004-08-09 at 22:21, Stephen Gran wrote:
> Don't loop - make a more complicated data structure, like a multi level
> hash (ugly pseudo-code to follow):
Ok.
> Just read the file once, fill in the bits as you go, and process the
> whole thing at the end.
I wrote this and it's much much faster. In fact the old way of looping
through the file multiple times took a 1 minute and 20 seconds while the
code below took 20 seconds.
#!/usr/bin/perl -w
print "Shows uniques hosts with a virus count over 10:\n";
open(FILE, "/var/log/maillog");
while(<FILE>) {
if
(/(\d|\D)+sendmail\[(\d)+\]:\s((\w)+):(\d|\D)+\[(\d+\.\d+\.\d+\.\d+)\]/)
{
$ip_addr = $6;
$message_id = $3;
unless ( $ip_addr eq "127.0.0.1" ) {
$email->{$message_id}->{ip_addr} = $ip_addr;
}
}
elsif
(/(\d|\D)+clamav-milter\[(\d)+\]:\s((\w)+):\sstream:\s(\d|\D+)virus(\d|\D)+/) {
$message_id = $3;
$virus = $5;
$email->{$message_id}->{virus} = $virus;
}
}
close(FILE);
foreach $message_id ( keys %{ $email } ) {
if ( $email->{$message_id}->{virus} ) {
$virus = $email->{$message_id}->{virus};
$ip_addr = $email->{$message_id}->{ip_addr};
$ip_addr{$virus}++;
$virus{$ip_addr}++;
}
}
sub hashValueDescendingNum {
$ip_addr{$b} <=> $ip_addr{$a};
}
foreach $virus (sort hashValueDescendingNum (keys(%ip_addr))) {
print "Count is $ip_addr{$virus} for $virus\n";
}
sub hashValueDescendingIp {
$virus{$b} <=> $virus{$a};
}
foreach $ip_addr (sort hashValueDescendingIp (keys(%virus))) {
if ($virus{"$ip_addr"} >= "10") {
print "Count is $virus{$ip_addr} for $ip_addr\n";
}
}
-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
