Problem: Need to create a hash like data structure that contains the key as an ip address. The dhcpd leases file contains all leases handed out and the time they where assigned using UTC time. Using the epoch time stamp in the access file and the ipaddress to get the actual host name of the machine that made the request seems to be a harder thing to do then I thought.
I have the following script that seems to work but it just seems like a really awful way of doing it. Access.log sample ------- 1073511381.266 24 192.168.254.116 TCP_IMS_HIT/304 209 GET http://daily.webshots.com/img/bg_lt_featposter_6x1.gif - NONE/- image/gif Dhcpd.leases sample lease 192.168.254.58 { starts 3 2003/12/17 14:00:22; ends 3 2003/12/17 14:10:22; tstp 3 2003/12/17 14:10:22; binding state free; hardware ethernet 00:d0:b7:e1:85:b3; uid "\001\000\320\267\341\205\263"; client-hostname "rpeterson"; } lease 192.168.254.61 { starts 1 2003/12/29 14:59:11; ends 1 2003/12/29 14:59:17; tstp 1 2003/12/29 14:59:17; binding state free; hardware ethernet 00:08:74:e4:ef:3a; uid "\001RAS \000\010t\344\357:\000\000\000\000\000\000"; client-hostname "pkraus"; } Script ------ #!/usr/bin/perl use strict; use warnings; use Date::Simple; my ( %users, %ip, %dates ); open ( DHCP, "<dhcpd-leases.txt" ) or die ("Could not open leases file $!\n"); open ( OUT, ">newlog.txt" ) or die ("Could not open log file for writing $! \n"); my ( $ip, $date, $hostname ); while ( <DHCP> ) { $ip = $1 if ( /lease\s([\d\.]+)/ ); $date = $1 if ( /starts\s\d\s([\d\/]+)\s/ ); $date =~ s/\//-/g if ($date); $date =~ s/(\d\d\d\d-)(\d)-/${1}0$2/ if ($date); $date =~ s/(\d\d\d\d-)(\d)-/${1}0$2/ if ($date); $date =~ s/(\d\d\d\d-\d\d-)(\d)$/${1}0$2/ if ($date); # print "$date\n"; if ( /hostname "(\w+)"/ ){ $hostname = $1; push( @{$dates{$ip}}, "$hostname|$date"); $users{"$ip-$date"} = $hostname; } } open ( LOG, "<access.txt" ) or die ("Could not open Access Log $!\n" ); while ( <LOG> ){ my ($timestamp,$ip,$size,$site) = (split/\s+/, $_)[0,2,4,6]; my @timestamp = (gmtime($timestamp))[2,1,0,4,3,5]; my $time = "($timestamp[0]:$timestamp[1]:$timestamp[2])"; my $date = ($timestamp[5]+1900) . "-" . ( $timestamp[3]+1 ) . "-" . $timestamp[4]; my $hostname; #lookup host name if ($dates{$ip}){ foreach (@{$dates{$ip}}){ my @record = split /\|/; $date =~ s/(\d\d\d\d-)(\d-)/${1}0$2/; $date =~ s/(\d\d\d\d-)(\d)-/${1}0$2/; $date =~ s/(\d\d\d\d-\d\d-)(\d)$/${1}0$2/; # print "Two Dates:Squid($date)\tdhcp($record[1])\n"; my $squiddate = Date::Simple -> new ($date); my $dhcpddate = Date::Simple -> new ($record[1]); if ($squiddate < $dhcpddate){ $hostname = $record[0]; last if ($hostname ne $ARGV[0]); print OUT "$hostname|$time|$date|$size|$site\n"; last; } } } } Paul Kraus ----------------------- PEL Supply Company Network Administrator ----------------------- 800 321-1264 Toll Free 216 267-5775 Voice 216 267-6176 Fax www.pelsupply.com -----------------------
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
