Thanks for the quick reply! Here is the problem: Parsing by "space" delimiter produces varied results. The returned array contains a different number of fields each time depending on the number of words in the log entry. I need to parse by a combination of matches. i.e. by "space", by "words between identifiable letters or digits" etc. I don't know which function to use to do this.
Matt Richter -----Original Message----- From: Roger C Haslock [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 10:36 AM To: Matt Richter; [EMAIL PROTECTED] Subject: Re: Split a line with Multiple data types >> Obviously, split(/ /, $line) doesn't produce the array I really >> want. I don't understand the word 'obviously': what results are you getting? Have you tried the safer split /\s+/, $line; # split on any sequence of whitespace - Roger - ----- Original Message ----- From: "Matt Richter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 13, 2001 2:41 PM Subject: Split a line with Multiple data types > I'm trying to split a line from a PIX Firewall log file and put it > into an array. The log entries look like: > > Nov 13 07:28:55 10.0.0.3 %PIX-4-400025: IDS:2154 ICMP ping of death > from 123.123.123.123 to 124.124.124.124 on interface outside > > Here is the code i've tried: > ............................................................. > while ($line = <LOG>) { > if ($line =~ /PIX-4-4000/) { # Match PIX > Message ID Type > @fields = split(/ /, $line); # Populate > @fields with data > $month{$fields[0]}++; # > $day{$fields[0]." ".$fields[1]}++; # Cat Month and > Day > $fields[2] =~ /(\d{2}):/; # Parse > Hour from Time > $ltime{$fields[0]." ".$fields[1]." ".$1}++; # Cat Date and > Time $host{$fields[3]}++; > $pixcode{$fields[4]}++; > ............etc > ........................................................................ > Obviously, split(/ /, $line) doesn't produce the array I really want. > > Here is the format of the log entries to parse. > > Month Day Time Host PIXcode IDSCode Protocol Description SourceHost To > DestinationHost On Interface InterfaceName > > Here are the string details: > Month : Always Three Letters > Day : May be One or Two Digits. If one Digit, it is preceded by and > extra space. i.e. " 9" or "10" > Time: Always the same format > Host : Sometimes IP number, Sometimes Hostname > PIXCode : Always %PIX-4-4000xx: > IDSCode : Always IDS:xxxx > Protocol : If exists, followed by space, Sometimes not there at all > Description : Various string lengths (2 To 6 words) SourceHost : > Always an IP Number To : Always exists > DestinationHost : Always an IP Number > On Interface : Always exists > InterfaceName : Always One Word > > > Thanks! > > Matt Richter > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
