Home > Archive > PERL Beginners > April 2004 > Perl parsing script
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Perl parsing script
|
|
| Ron McKeever 2004-04-16, 12:31 pm |
| I am trying to figure out my Perl parsing script to dump the interesting
part of my log files to another parsed file. Bascially I want to try an
remove "Dport" rows that contain 80,53,25, etc...Those are tabs between each
field.
Log File name "log.040411":
Start Bytes SIp Sport DIp Dport
RIp
----- ----- ----- ----- ----- -----
-----
1074715516 111 222.222.2.2 2566 111.111.111.1 80
111.111.111.1
1074715516 222 . 3584 . 80
..
1074715516 400 . 2500 . 6100
..
1074715516 500 etc 3000 etc 53
..
1074715516 700 . 2700 . 5100
..
1074715516 400 . 2500 . 7100
..
1074715516 900 . 9000 . 25
..
Goal log file name "log.040411.p":
Start Bytes SIp Sport DIp Dport
RIp
----- ----- ----- ----- ----- -----
-----
1074715516 400 . 2500 . 6100
..
1074715516 700 . 2700 . 5100
..
1074715516 400 . 3300 . 7100
..
What I have tried...
#!/usr/bin/perl
# command line looks like:
# parse.pl /etc/log.040411
use strict;
use warnings;
$newfilename = "log.040411.p";
chomp(@parse = <ARGV> );
foreach (@parse) {
@line = split (/\t/, $_);
if($line[5] != 80 || $line[5] != 53 || $line[5] != 25)
open (FILE, ">>$newfilename");
print;
close(FILE); # Close the file
}
But I get errors...
Is there an easier way do to this? These log files get to around 500MB a day
so the fastest way is hoped. Would a while <> be better??
Any help is great..
Ron
| |
| Claude 2004-04-23, 11:36 am |
| >>>>> "Ron" == Ron McKeever <rmckeever@earthlink.net> writes:
Ron> I am trying to figure out my Perl parsing script to dump the
Ron> interesting part of my log files to another parsed file.
[...]
Ron> But I get errors...
I am affraid You have to solve this issue in any case.
Ron> Is there an easier way do to this? These log files get to around
Ron> 500MB a day so the fastest way is hoped. Would a while <> be
Ron> better??
Maybe opening in "follow" mode (ie. calling "tail -f") would help? You
launch your script in the morning when the log file is small and it
gathers new lines when they are written. It depends how the input log
file is written, and the syntax of the file, of course. New lines have
to be appended to it by your system.
$infile = "tail -fn +1 $file |";
open LOG, $infile or die "Cannot open log $file, $!\n";
while ( $line = <LOG> ) {
# parse one line, write the result
}
Hope it helps.
--
Claude
|
|
|
|
|