on 4/24/02 11:24 AM, [EMAIL PROTECTED] purportedly said:

> -------------------------------------------------------------------
> #!/usr/bin/perl
> $_ = q(
> Apr 22 01:03:01 pandora ipop3d[28245]: Login user=holy00
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy01
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy05
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy01
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy00
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy02
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy05
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy01
> Apr 21 01:03:01 pandora ipop3d[28245]: Login user=holy00
> );
> for (split/\n/) {s~(.+user=)(.+)~$2~; $users{$_} = x}
> for (sort keys %users) {print "$_$/"}
> ----------------------------------------------------------------
> is perfect, but I didn't copy the last part of the line:
> ----------------------------------------------------------------
> Apr 14 17:24:45 pandora ipop3d[6577]: Login user=ct000512
> host=ppp-62-11-119-90.dialup.tiscali.it
> ----------------------------------------------------------------
> How can I extract just the user name now?
> And how is it possible to use a big file (maillog) instead of the log lines?

You *really* need to pick up a book on learning Perl. What you are asking is
pretty basic stuff. Anyway, of course, you can load from a file. A good way
is to use Perl's file filter capability:

#!/usr/bin/perl

# load lines from file name(s) passed on command line
while( <ARGV> ) {
  # use unambiguous pattern--count occurrences of each user login
  $user_hash{$1}++ if( /ipop3d.*: Login user=(\S+)/ );
}
# here do whatever you want with this info
__END__

You would call this script with syntax:
    $ ./script.pl filename_1 [..filename_n]

Perl will happily and rather quickly chew through all the specified files.
Once you have a firm grasp of what is happening in the script above and how
it works, with more Perl under your belt you could expand this script to
even detect login behaviors and alert you via email when suspect activity
occurs such as a possible crack attempt.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

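The kind of login-behavior check mentioned in the last paragraph of the reply, as an added example that is not part of the original message: it tallies logins and distinct source hosts per user and reports users that exceed a threshold. The thresholds, the sub names and the sample lines after __DATA__ are assumptions constructed for illustration; only the "Login user=... host=..." line format comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Thresholds are assumptions for illustration; tune them to your own traffic.
my $MAX_HOSTS  = 2;    # flag a user seen from more than this many distinct hosts
my $MAX_LOGINS = 4;    # flag a user with more than this many logins in the input

# Tally logins and distinct source hosts per user from ipop3d "Login" lines.
# The host= field is optional because some lines in the thread lack it.
sub tally_logins {
    my ($fh) = @_;
    my ( %count, %hosts );
    while ( my $line = <$fh> ) {
        next unless $line =~ /ipop3d\[\d+\]: Login user=(\S+)(?:\s+host=(\S+))?/;
        $count{$1}++;
        $hosts{$1}{ lc($2) } = 1 if defined $2;
    }
    return ( \%count, \%hosts );
}

# Return one report line per user that exceeds either threshold.
sub suspects {
    my ( $count, $hosts ) = @_;
    my @out;
    for my $user ( sort keys %$count ) {
        my $nhosts = keys %{ $hosts->{$user} || {} };
        next unless $count->{$user} > $MAX_LOGINS || $nhosts > $MAX_HOSTS;
        push @out, "$user: $count->{$user} logins from $nhosts host(s)";
    }
    return @out;
}

# Read the files named on the command line, or the constructed sample below.
my $fh = @ARGV ? \*ARGV : \*DATA;
print "$_\n" for suspects( tally_logins($fh) );

__DATA__
Apr 21 01:03:01 pandora ipop3d[1001]: Login user=alice host=dsl-1.example.net
Apr 21 09:10:12 pandora ipop3d[1002]: Login user=alice host=dsl-1.example.net
Apr 21 02:00:00 pandora ipop3d[1003]: Login user=bob host=ppp-a.example.net
Apr 21 02:05:00 pandora ipop3d[1004]: Login user=bob host=ppp-b.example.org
Apr 21 02:09:00 pandora ipop3d[1005]: Login user=bob host=ppp-c.example.com
Apr 21 03:00:01 pandora ipop3d[1006]: Login user=carol
Apr 21 03:00:02 pandora ipop3d[1007]: Login user=carol
Apr 21 03:00:03 pandora ipop3d[1008]: Login user=carol
Apr 21 03:00:04 pandora ipop3d[1009]: Login user=carol
Apr 21 03:00:05 pandora ipop3d[1010]: Login user=carol
```

Run it with no arguments to use the sample, or pass one or more maillog files on the command line, as with the script in the reply.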