On 08/03/2006 10:58 AM, Tim Wolak wrote:
Hi All,

I'm working on a bit of code to parse a logfile, grab the IP's and put
them in the deny file.  In the beginning of my code I'm grabbing all the
IP's in the deny file, putting them in an array to check against later
to make sure that IP is not already in the file.  I can get all the
information I need but when I do a comparison of the IP's grabbed from
two files when there is a match it won't print the match!
Any help would be great!
Thanks,
Tim

#!/usr/bin/perl -w

#use strict;
use IO::Handle;
my $logfile = "/var/log/messages";
my $secv = "/var/log/secv";
my $hosts = "/etc/hosts.deny";
my $cody = "/etc/hosts.deny";
my @boxes;
my $box;

open(LOG, "$logfile") || die "Cannot open logfile for reading: $!";
open(SEC, ">$secv") || die "Can't open file!: $!";
open(HOST, "$hosts") || die "Can't open file!: $!";
#open(DEAD, ">$cody") || die "Can't open file!: $!";

        foreach (<HOST>) {
                if($_ =~ /(\d+\.\d+\.\d+\.\d+)/) {
                push (@boxes, $_);

Perhaps it's best to use a hash for the IP numbers; it'll make look-up faster. And since the line in the hosts.deny file contains other information besides the IP address, to reduce confusion, I suggest using only the IP address as the hash key:

  push (@boxes, $_);
  ...becomes...
  $boxes{$1} = $_;




                }
                else {
                next;
                }
                }
        close HOST;

        while (<LOG>){
                if($_ =~/Failed password for invalid/) {
                print SEC "Invalied user logon attempt!:$_\n";
                        if(/(\d+\.\d+\.\d+\.\d+)/) {
                                $tim = $1;
                                foreach $box (@boxes) {
                                        if($box =~ m/"$tim"/){
                                                print "Match:$tim\n"
                                        } else {
                                                print "No Match:$box\n";
                                        }
                                }

Now this is where I would drop the foreach and use the much faster hash method:

if ($boxes{$tim}) {
        print "Match:$tim\n";
} else {
        print "No Match:$tim\n";
}

                        }

                }
        }



Try to get your program to run with "use strict" and "use warnings" at the top; those help in catching errors.

ALL CODE UNTESTED
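
The hash look-up suggested in the reply, assembled into one script that runs under "use strict" and "use warnings" (an added example, not code from either poster). It keys the hash on the bare address, so the test is an exact comparison rather than a pattern match; in the original, the double quotes inside m/"$tim"/ are literal pattern characters, so a line matches only if the IP appears in quotes. Assumptions: the sample deny and log lines are constructed, the names load_denied and new_offenders are hypothetical, and the script prints what it would append instead of writing to /etc/hosts.deny.

```perl
use strict;
use warnings;

# Constructed sample data (documentation-range addresses) standing in for
# /etc/hosts.deny and /var/log/messages so the script runs anywhere.
my @deny_lines = (
    "# managed by hand\n",
    "ALL: 192.0.2.10\n",
    "sshd: 198.51.100.7\n",
);
my @log_lines = (
    "Aug  3 10:01:02 host sshd[311]: Failed password for invalid user bob from 192.0.2.10 port 4022 ssh2\n",
    "Aug  3 10:01:09 host sshd[312]: Failed password for invalid user amy from 192.0.2.1 port 4023 ssh2\n",
    "Aug  3 10:02:00 host sshd[313]: Accepted password for tim from 203.0.113.5 port 4024 ssh2\n",
    "Aug  3 10:02:30 host sshd[314]: Failed password for invalid user bob from 192.0.2.10 port 4030 ssh2\n",
);

my $ip_re = qr/\b(\d{1,3}(?:\.\d{1,3}){3})\b/;

# Key the hash on the address alone; the value keeps the original line.
sub load_denied {
    my %denied;
    for my $line (@_) {
        next if $line =~ /^\s*#/;                  # skip comment lines
        $denied{$1} = $line if $line =~ $ip_re;
    }
    return %denied;
}

# Return the offending addresses that are not yet denied, each one once.
sub new_offenders {
    my ($denied, @lines) = @_;
    my (%seen, @new);
    for my $line (@lines) {
        next unless $line =~ /Failed password for invalid/ && $line =~ $ip_re;
        my $ip = $1;
        # Exact key look-up: 192.0.2.1 does not match the denied 192.0.2.10.
        if (exists $denied->{$ip}) {
            print "Match:$ip\n";
        } elsif (!$seen{$ip}++) {
            print "No Match:$ip\n";
            push @new, $ip;
        }
    }
    return @new;
}

my %denied = load_denied(@deny_lines);
my @new    = new_offenders(\%denied, @log_lines);
print "Would append: ALL: $_\n" for @new;
```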


