kevin r wrote:

> I am writing a perl script to parse some firewall logs and I think that
> there may be a better way of doing something than the one that I know.
>
> Syslog messages look as follows (IP addresses have been changed to protect
> the innocent)
>
> %PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699
> flags PSH ACK on interface outside
>
> The info that I want to pull out of that line is source IP, source port,
> dest IP, dest port and flags (if any). The problem is that the flags can
> have from 0 to 6 values ( SYN ACK PSH URG RST FIN ). I have the following
> code that does it, but it is not very inefficient.

Hi Kevin,

The key word here is simplify:

> open LOGFILE
> while (<LOGFILE>) {
> s/\// /g; # I'm not sure what you are trying to get rid of here.
> It is probably not working
> @line = map { split ' ',$_} $_;

Is there a real need for map? I think

    my ($message, $details) = split /flags /, $_;
    my ($flagString, $errorSource) = split /on/, $details;
    my @flags = split /\s+/, $flagString;

will work as well. In my view, it also seems to communicate the logic of your problem--separating out the flags from the rest of the line. Then, of course, you can handle the flags array as a logically-related collection.

Joseph
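
For reference, an added example (not code from either poster) that pulls all five fields out of the 106015 message with one anchored regex and handles zero to six flags. The sample lines other than the one quoted in the question are constructed, and the shape of a line with no flags is an assumption, since the thread does not show one.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Flag names listed in the question; any other token is not accepted as a flag.
my $FLAG = qr/(?:SYN|ACK|PSH|URG|RST|FIN)/;

# Anchored on the literal wording of the message, so a line in a different
# format fails to match instead of silently producing wrong fields.
# Octets are only checked for shape (1-3 digits), not for the 0-255 range.
my $DENY = qr{
    %PIX-6-106015:\s+Deny\s+TCP\s+\(no\s+connection\)\s+
    from\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d+)\s+
    to\s+(\d{1,3}(?:\.\d{1,3}){3})/(\d+)\s+
    (?:flags\s+((?:$FLAG\s+)*))?   # zero or more flag names, or no flags field
    on\s+interface\s+(\S+)
}x;

# Returns a hash ref of the parsed fields, or undef if the line does not match.
sub parse_deny {
    my ($line) = @_;
    my ($sip, $sport, $dip, $dport, $flags, $ifc) = $line =~ $DENY
        or return;
    return {
        src_ip    => $sip,
        src_port  => $sport,
        dst_ip    => $dip,
        dst_port  => $dport,
        flags     => [ split ' ', $flags // '' ],   # empty list when no flags
        interface => $ifc,
    };
}

# First line is the one from the question; the rest are constructed samples.
my @samples = (
    '%PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 flags PSH ACK on interface outside',
    '%PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 flags SYN ACK PSH URG RST FIN on interface outside',
    '%PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 flags on interface outside',
    '%PIX-6-106015: Deny TCP (no connection) from 1.1.1.1/80 to 2.2.2.2/2699 on interface outside',
    'some unrelated syslog line',
);

for my $line (@samples) {
    my $r = parse_deny($line) or do { print "no match: $line\n"; next };
    printf "%s:%s -> %s:%s on %s flags=[%s]\n",
        @{$r}{qw(src_ip src_port dst_ip dst_port interface)},
        join(',', @{ $r->{flags} });
}
```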