I am trying to figure out my Perl parsing script to dump the interesting
part of my log files to another parsed file. Bascially I want to try an
remove "Dport" rows that contain 80,53,25, etc...Those are tabs between each
field.
Log File name "log.040411":
Start Bytes SIp Sport DIp Dport
RIp
----- ----- ----- ----- ----- -----
-----
1074715516 111 222.222.2.2 2566 111.111.111.1 80
111.111.111.1
1074715516 222 . 3584 . 80
.
1074715516 400 . 2500 . 6100
.
1074715516 500 etc 3000 etc 53
.
1074715516 700 . 2700 . 5100
.
1074715516 400 . 2500 . 7100
.
1074715516 900 . 9000 . 25
.
Goal log file name "log.040411.p":
Start Bytes SIp Sport DIp Dport
RIp
----- ----- ----- ----- ----- -----
-----
1074715516 400 . 2500 . 6100
.
1074715516 700 . 2700 . 5100
.
1074715516 400 . 3300 . 7100
.
What I have tried...
#!/usr/bin/perl
# command line looks like:
# parse.pl /etc/log.040411
use strict;
use warnings;
$newfilename = "log.040411.p";
chomp(@parse = <ARGV>);
foreach (@parse) {
@line = split (/\t/, $_);
if($line[5] != 80 || $line[5] != 53 || $line[5] != 25)
open (FILE, ">>$newfilename");
print;
close(FILE); # Close the file
}
But I get errors...
Is there an easier way do to this? These log files get to around 500MB a day
so the fastest way is hoped. Would a while <> be better??
Any help is great..
Ron
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
