Hello All! I am very new to perl

SDCSA

Programmer
May 8, 2003
22
US
Hello All!

I am very new to perl.

I want to write a script that reads a log file and outputs the result


A snippet of log file is as shown below. 333.333.333.333 is the ip address. ip addresses are always preceded by the word AAD@.

----------------------------------------
10:54:11 [crelay_child-106762-0]: Reading local IPC message...
10:54:11 [crelay_child-106762-0]: Writing 220 bytes : LOGIN_MSG_RSP[-726510107](1)
secu_server-0@222.222.22.22->AAD@333.333.333.33
10:54:12 [crelay_child-106762-0]: Scheduled send message to client on sfd 5
11:54:01 [crelay_child-312350-0]: Read 173 bytes : LOGIN_MSG[-934384907](1)
AAD@333.333.333.33->secu_server@222.222.222.22
11:54:01 [crelay_child-312350-0]: Writing 213 bytes : LOGOUT_MSG[-726510107](1)
secu_server-0@222.222.222.22->AAD@333.333.333.33


------------------

We need to track the ip addresses on the lines that are preceded by a line that has the LOGIN_MSG (for logins) and LOGOUT_MSG (for logouts). Each ip address represents a user and LOGIN_MSG says that a user has logged in and LOGOUT_MSG says that a user has logged out.

The script has to track ip addresses. If a new ip address is found and if the line above it has LOGIN_MSG, then the user is logged in. And if the same ip address is found again (with LOGIN_MSG at top), that would make no difference. (Here, multiple LOGIN_MSGs exist). Similarly, when an ip address is found with LOGOUT_MSG on the line above it, then that user is no longer logged in. It's like deleting the user from the list.

Finally we just need to print the logged in ip addresses (distinct) and the count.


Thank you very much in anticipation.
 
so you just want to get the ip addresses and nothing else correct?

if so try this
open (<FILE>,whatever..)

%ipinlog; #hash that will have all the ip's
while(<FILE>)
{
    if($_=~/LOGIN_MSG/ || $_=~/LOGOUT_MSG/)
    {
        $_ = <FILE>; #go to next line for ip
        my($ip) = /AAD\@(.*)/; #retrieve the ip
        $ipinlog{$ip}++; #store the ip as key and increment number of occurrences of that ip (if u ever need that)
    }
}
close <FILE>;

now simply loop through the hash using a foreach $key ... and print out all distinct ip's, and can count as you do this to get the total distinct count

if you need the number of occurrences of a certain ip then just retrieve it directly ie.. $ipinlog{ipyouarelookingfor} and that will give you the number of times that ip has been seen in the log file (keep in mind that it will be double since it counts the ip when it logs in and when it logs out)

by no means is this the cleanest code but it should help you get started hopefully

enjoy

--Marty

--Computable or not Computable that is not the question
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
 
I may have misunderstood your question, but I think Nithos missed a few things. Try this:


open (<FILE>,whatever..)

%iploggedin; #hash that will have all the ip's
while(<FILE>)
{
    if($_=~/\bLOG(IN|OUT)_MSG\b/) {
        my $msg = $1;
        $_ = <FILE>; #go to next line for ip
        my($ip) = /AAD\@(.*)/; #retrieve the ip

        # if login, store the ip as key and count
        $iploggedin{$ip}++ if($msg eq 'IN');

        # if logout, remove ip
        delete $iploggedin{$ip} if($msg eq 'OUT');
    }
}
close <FILE>;

@distinct = keys %iploggedin;
$count = scalar(@distinct);


I assume that LOGIN_MSG_RSP is not an actual login, hence why the \b appears in the regexes.

Barbie
Leader of Birmingham Perl Mongers
 
Hello,

I get the following message when I execute the script:

Operator or semicolon missing before %iploggedin at parse.pl line 4.
Ambiguous use of % resolved as operator % at parse.pl line 4.
Can't take log of 0 at parse.pl line 2.

The script is:

#!/usr/bin/perl
open (<FILE>,crelay.log)

%iploggedin; #hash that will have all the ip's
while(<FILE>)
{
    if($_=~/\bLOG(IN|OUT)_MSG\b/) {
        my $msg = $1;
        $_ = <FILE>; #go to next line for ip
        my($ip) = /AAD\@(.*)/; #retrieve the ip

        # if login, store the ip as key and count
        $iploggedin{$ip}++ if($msg eq 'IN');

        # if logout, remove ip
        delete $iploggedin{$ip} if($msg eq 'OUT');
    }
}
close <FILE>;

@distinct = keys %iploggedin;
$count = scalar(@distinct);

--------------------------------

Also, can we print the count to command line? Yes, LOGIN_MSG_RESP can be ignored.

Thanks again.


 
Hi,

Thanks for the reply.

I made the change and I get this error now.

Can't take log of 0 at parse.pl line 2.

Thanks again.
 
i think it's this line
open(<FILE>,crelay.log);
instead put the file in ""
ie..
open(<FILE>,"crelay.log");

that should fix it, perl thought it was evaluating something with the 'log' command i believe

hope this helps ;)

--Computable or not Computable that is not the question
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
 
Hello:

Thanks for the reply. This time I am getting this message (with " and '. I tried both).

Can't use an undefined value as filehandle reference at parse.pl line 2.

I would appreciate it if you can look into this.

Thanks in anticipation.
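
A working version of the script this thread is building, added here as an example and not posted by any participant. The handle passed to open carries no angle brackets (`<FILE>` reads from the handle, which matches the last error reported above), and the capture stops at the end of the address. The variable names and the sample log after `__DATA__` are constructed for illustration, using documentation addresses.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Read the log named on the command line, else the sample after __DATA__.
my $fh;
if (@ARGV) {
    # No angle brackets on the handle: <FILE> would read from it, not name it.
    open($fh, '<', $ARGV[0]) or die "Cannot open $ARGV[0]: $!\n";
} else {
    $fh = \*DATA;
}

my %logged_in;    # key: address currently logged in, value: LOGIN_MSG count

while (my $line = <$fh>) {
    # "_" is a word character, so \b stops LOGIN_MSG_RSP from matching.
    next unless $line =~ /\bLOG(IN|OUT)_MSG\b/;
    my $kind = $1;

    # The address is on the following line; stop cleanly at end of file.
    my $next = <$fh>;
    last unless defined $next;

    # Capture only the address after AAD@, so "AAD@ip->server" (login) and
    # "server->AAD@ip" (logout) produce the same hash key.
    my ($ip) = $next =~ /AAD\@([\d.]+)/ or next;

    if ($kind eq 'IN') { $logged_in{$ip}++ }
    else               { delete $logged_in{$ip} }
}
close($fh);

my @distinct = sort keys %logged_in;
print "$_\n" for @distinct;
print "Logged in: ", scalar(@distinct), "\n";

# Constructed sample log in the thread's format (documentation addresses).
__DATA__
10:54:11 [crelay_child-106762-0]: Writing 220 bytes : LOGIN_MSG_RSP[-726510107](1)
secu_server-0@198.51.100.1->AAD@192.0.2.10
11:54:01 [crelay_child-312350-0]: Read 173 bytes : LOGIN_MSG[-934384907](1)
AAD@192.0.2.10->secu_server@198.51.100.1
11:55:02 [crelay_child-312351-0]: Read 173 bytes : LOGIN_MSG[-934384908](1)
AAD@192.0.2.20->secu_server@198.51.100.1
11:56:40 [crelay_child-312350-0]: Read 173 bytes : LOGIN_MSG[-934384909](1)
AAD@192.0.2.10->secu_server@198.51.100.1
11:58:13 [crelay_child-312351-0]: Writing 213 bytes : LOGOUT_MSG[-726510108](1)
secu_server-0@198.51.100.1->AAD@192.0.2.20
```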
 