A couple of thoughts... probably won't solve the problem (example
items from $vulndef file and what the failure seems to be would help)
Note that $vuln = <VULNDEF> below still has the newline, "\n", on it.
Might want to chomp() it.
What do the $vuln's look like so that you want to quotemeta them?
This means the $vuln's cannot be real regexes like: "foo.*bar"
since the quotemeta changes it to "foo\.\*bar". Examples of the
$vuln's might help. Are they basically shell meta chars with no
wildcards?
Speedwise, this code will be a bit slow since a regular expression in
$vuln is compiled again and againg every time in the nested loops.
However if your # of $vuln's is small you likely won't notice. A faster
way might be to use qr// to compile all the $vuln's outside the loop
(say the first time vuln_check() is called), and shove them in an
array, say @vulns, then loop over those items. Or even gluing them all
together with "|" into one big regex might be faster...
Karl
On Fri, 22 Dec 2000, cdowns <[EMAIL PROTECTED]> wrote:
> im trying to make a log scanner to check my daily NT Webserver logs, i
> have compiled a 179 https request hit list to use as a config file which
> i have named vuln.cfg. my question is : somehow i need to set the
> pattern match to a variable so it reads every line in the vuln.cfg and
> compares it to the logfile. i hope this is not confusing.
>
> here is the code snip:
>
> any ideas would be great. thanks and merry X-mas to all Luggers.
>
> # vuln_check sub call
> sub vuln_check() {
> my ($logfile) = @_;
> #lets check for someone being nosy here... .
> print"Starting Check:\n";
> print"---------------\n";
> open(LOGFILE, "$logfile")
> || die "Cannot open $logfile $!";
> while($logentry = <LOGFILE>) {
> open(VULNDEF, "$vulndef")
> || die "Cannot open $vulndef: $!";
> while($vuln = <VULNDEF>) {
> ($vuln =~ /^\#/) && next;
> $quotedvuln = quotemeta $vuln; <------------------ right here
> is the problem and im not sure how to get out of it.
> ($logentry =~ /$quotedvuln/) && printToLog($logentry);
> }
> close(VULNDEF);
> # print ".";
> }
> close(LOGFILE);
> }
>
> -D
>
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
