> In your original post you presented *two* *separate* scripts and I
> commented on both scripts, and now you are combining parts of both
> scripts which is why you seem to be confused.
> 
> Hint: The "next unless //;" was a replacement for the "if (//) {}"
> block.

John, originally I was trying to create a new script but after seeing all of
the *faults* with the original I wanted to first understand what was going
on. I assumed that the next statement may have been a replacement but
couldn't figure out how to make it work, but your hint helped! Now that
this one is hopefully fixed I can move on to the new one.

Here's the newer working code of the original script for anyone who might
find it useful.

#!/usr/bin/perl
#
# http://code.google.com/p/cisco-log-parser/
#
use warnings;
use strict;

# Set behaviour
my $log='/var/log/cisco.log';
my $ntop=10;

my $acl = $ARGV[ 0 ] || '.*';
   
open LOG, '<', $log or die "Cannot open '$log' $!";

my ( %srca, %quad, %port );

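while (<LOG>) {
   # Skip lines that are not denied-packet entries for the chosen ACL.
   # Captures: $1 protocol, $2 source address, $3 destination address,
   # $4 destination port, $5 packet count.
   next unless /IPACCESSLOGP: list $acl denied ([tcpud]+) ([0-9.]+)\([0-9]+\)\s*->\s*([0-9.]+)\(([0-9]+)\), ([0-9]+) /;
   $srca{ $2 } += $5;
   $quad{ sprintf '%16s  -> %16s  %3s port %-6s', $2, $3, $1, $4 } += $5;
   $port{ sprintf '%3s port %-6s', $1, $4 } += $5;
}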

my $n;

printf "Connection Summary:\n";
foreach my $i (sort { $quad{$b} <=> $quad{$a} } keys %quad) {
   if ($n++ >= $ntop) { last };
   printf ("%6s:%s\n", $quad{$i},$i);
}
$n=0;

printf "\nDestination Port Summary:\n";
foreach my $i ( sort { $port{$b} <=> $port{$a} } keys %port) {
   if ($n++ >= $ntop) { last };
   printf ("%6s: %s\n", $port{$i},$i);
}
$n=0;

printf "\nSource Address Summary:\n";
foreach my $i ( sort { $srca{$b} <=> $srca{$a} } keys %srca) {
   if ($n++ >= $ntop) { last };
   printf ("%6s: %s\n", $srca{$i},$i);
}

