Read txt file and use each line as regex and output matches to file.

[Rob Oravec]

Hi All!

Please help this beginner!

Sorry if this is a bit long.

(Scenario)
-Several routers/firewalls log events to a single ($log_file).

matches to their relevant files for further processing ($date-$ip.log)


($ip_file)
10.10.10.1
10.10.10.2
10.10.10.3

($log_file)
<snipped>


My result/problem so far:

for each ($log_source) but need it to print all the matches.

------------------------------------------------------------start-script
#!/usr/bin/perl

($mday,$mon,$year) = (localtime)[3..5];
$date = sprintf "%d%02d%02d", $year+1900, $mon+1, $mday;
($sec,$min,$hour)=localtime(time);
$time = sprintf "%02d:%02d:%02d", $hour, $min, $sec;

$log_dir = "/home/net1/log";
$rep_dir = "/home/net1/Apache2/htdocs/router-logs";
$log_file = "$log_dir/$date.log";
$ip_file = "/home/net1/log/ip.txt";

open(IPFILE, "$ip_file") || die "Could not open $ip_file";
foreach (<IPFILE>) {
           @lines = <IPFILE>;
           chomp($ip);

open (LOGFILE, $log_file) || die "Could not open $log_file";

if ($log_source    =~ /$ip/) {

           close(OUT);
           print;

close(LOGFILE);
------------------------------------------------------------stop-script
Comment/s:


Other things I have tried:



I hope this makes sense and thanks in advance.

Rob

More than likely there is an easy way to do this and/or I am doing something stupid but I just don't know how. -I want to be able to seperate the logs based on router/firewall IP addresses ($log_source) and dump all -Process the ($ip_file) line by line using each line as a regular expression, processing the ($log_file). This way if I add more routers/firewalls to the picture then its just a case of adding a new IP address to the ($ip_file) and not adding regular expressions to the script. 2005-09-05 00:05:11 Local5.Info 10.10.10.1 %SEC-6-IPACCESSLOGP: list IN_REF_2 denied tcp xxx.xxx.xxx.xxx(2948) -> xxx.xxx.xxx.xxx(135), 1 packet 2005-09-05 00:05:11 Local5.Info 10.10.10.2 %SEC-6-IPACCESSLOGP: list IN_REF_2 denied tcp xxx.xxx.xxx.xxx(2949) -> xxx.xxx.xxx.xxx(135), 1 packet 2005-09-05 00:05:11 Local5.Info 10.10.10.3 %SEC-6-IPACCESSLOGP: list IN_REF_2 denied tcp xxx.xxx.xxx.xxx(2973) -> xxx.xxx.xxx.xxx(135), 1 packet I think I read the ($ip_file) correctly and then open the ($log_file) to search through it based on each line in the ($ip_file). When it has processed the ($log_file) and dumped the results to the relavant files ($date-$ip.log) it only prints out the last matching line ($ip) = split; while (<LOGFILE>) { ($datestamp, $timestamp, $facility, $log_source, $restofline) = split (/\s+/, $_); $log_new = "$rep_dir/$date-$ip.log"; open(OUT, ">$log_new") || die "Could not open log_file"; print OUT; } } } close(IPFILE); The search has to be against the ($log_source) variable as the IP address may appear more than once in the same line and meaning something completely different. I have tried using the append option when opening ($log_new) and works great on the first go, then obviously it appends the next go round. If you have any other more effective suggestions.......then please....hit me!

signature.asc
Description: OpenPGP digital signature