Problems with Not Equal to 1

[jewel464g]

Need some help with my if statement. It works for with pulling all of the Priority: 2 out of the file, but when I try to exclude ICMP it doesn't work. I know != is for numbers but I get errors with ne as well. Here is my code, any suggestions are appreciates.



#!/usr/bin/perl -w
use FileHandle;

$| = 1;
# open file and define a handle for it
open(FILE,"/var/log/snort/alert&quot || die "Unable to open Coolips!\n";

# suck the file into an array
@file = <FILE>;

# close file when done
close(FILE);

#open the file for wrniting, append to whatever data may be there
open (FILE2, &quot;>>/var/snort/relevantp2&quot || die &quot;Unable to open file!\n&quot;;

autoflush FILE2 1;
$|=1;

# use a loop to keep reading the file
# until it reaches the end
foreach $line (@file)
{
if (($line =~ /Priority: 2/)&& ($line != /ICMP/)){
print FILE2 $line ;
}
}

close(FILE2);

http://www.scriptchick.com/

When faced with a decision, always ask, 'Which would be the most fun?'

 

[MrGabe]

Any string that is a match for regex /Priority:2/ , contains the chars 'Priority: 2' and is therefore not going to be equal to the literal '/TCMP/'. This is true for all cases. I think you're looking for &quot;does not match&quot; regex /ICMP/.

try using:

($line !=~/ICMP/) instead of ($line !=/ICMP/)


This will say &quot;...and doesn't match ICMP&quot; instead of &quot;is not equal to /ICMP/


regards, Gabe

 

[rosenk]

If you're looking for &quot;does not match regular expression&quot; (which it seems from your [tt]/ICMP/[/tt],) you're looking for [tt]!~[/tt]

 

[jewel464g]

Hi rosenk,

That was exactly what I was looking for and just couldn't find the syntax for it.

Jewel

http://www.scriptchick.com/

When faced with a decision, always ask, 'Which would be the most fun?'