aijin,
You are correct, I didn't need the first array (@data) nor did I need to split on a new line. Thanks for the hash tip. I figured that's what I needed, but I don't have much experience with hashes, so I took this time to learn. I think I'm finally grasping them. Here is the code I came up with (suggestions appreciated):
#!/usr/bin/perl -w
use strict;

my $log = './log';
my (%count, %hash);
open (LOG, $log) or die "Can't open $log: $!";
while (<LOG>){
    foreach($_){
        my ($num,$date,$time,$fw,$type,$action,$alert,$int,$dir,$proto,$src,
            $dst,$service,$sport,$len,$rule) = (split /;/,$_);
        %hash = (dest => $dst, service => $service);
        foreach my $key (keys %hash){
            my $val = $hash{$key};
            $count{$val}++;
        } #close foreach
    } #close foreach
}#close while
foreach my $key1 (keys %count){
    print "$key1 appears $count{$key1} times\n";
} #close foreach
I still need something that will run a sub if both the destination IP AND service appear AT LEAST 50 times in the log files, but I think this will be fairly easy.
Thanks again,
Dru
Suggestions welcome? Here they come :)
foreach($_){
foreach($_) is kind of useless, you can safely remove it (and its closing bracket, of course).
my ($num,$date,$time,$fw,$type,$action,$alert,$int,$dir,$proto,$src,
    $dst,$service,$sport,$len,$rule) = (split /;/,$_);
You don't have to name everything. Instead, you can assign to undef if you don't need a specific value.
my (undef, undef, undef, undef, undef, undef, undef, undef, undef,
    undef, undef, $dst, $service, undef, undef, undef) = split /;/;
# split() works on $_ if only one argument is given.
Because there are more undefs than used values, a list slice would be even better:
my ($dst, $service) = (split /;/)[11, 12];
    %hash = (dest => $dst, service => $service);
    foreach my $key (keys %hash){
        my $val = $hash{$key};
        $count{$val}++;
    } #close foreach
} #close while
There's no need to use these temporary variables %hash and $val.
Well-indented code doesn't need "#close foreach" comments (unless it's a huge sub, but in that case the design was probably wrong anyway).
Because only the values of the hash are used and they're set within the same scope, there's no need for the hash at all.
I'll also use the for-modifier (for equals foreach, but is shorter) to demonstrate perl's nice syntactic features.
    $count{$_}++ for $dst, $service;
}

foreach my $key1 (keys %count){
    print "$key1 appears $count{$key1} times\n";
} #close foreach
This can be done using map, but it might be confusing if you don't know how it works:
print map "$_ appears $count{$_} times\n", keys %count;
Please also note I have a whitespace after every comma, which in my opinion makes the source more readable.
I hope this was useful to you.
As a whole:
#!/usr/bin/perl -w
use strict;

my $log = './log';
my %count;
open (LOG, $log) or die "Can't open $log: $!";
while (<LOG>){
    my ($dst, $service) = (split /;/)[11, 12];
    $count{$_}++ for $dst, $service;
    # Now I see it this way, I realise that
    # $count{$_}++ for (split /;/)[11, 12];
    # would be even better :)
}
print map "$_ appears $count{$_} times\n", keys %count;
2;0 juerd@ouranos:~$ perl -e'undef christmas'
Segmentation fault
2;139 juerd@ouranos:~$
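An added example, not code from either poster, of the check described above as still needed: run a sub when a destination IP and service show up at least 50 times. It assumes the requirement means the (destination, service) pair counted together rather than each value tallied separately in one hash, reuses field positions 11 and 12 from the list slice in the thread, and uses constructed sample lines and a hypothetical alert_on handler.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $THRESHOLD = 50;    # "at least 50 times", from the post above

# Constructed sample records in the thread's 16-field, semicolon-separated
# layout (dst is field 11, service is field 12). Not real firewall output.
sub sample_line {
    my ($n, $dst, $service) = @_;
    return join ';', $n, '1Jan2002', '12:00:00', 'fw1', 'log', 'drop', '',
        'eth0', 'inbound', 'tcp', '192.0.2.10', $dst, $service, 40000 + $n,
        48, 7;
}
my @lines = (
    (map { sample_line($_, '198.51.100.5', 'ssh') }  1 .. 60),
    (map { sample_line($_, '198.51.100.9', 'http') } 61 .. 72),
    'truncated;record',    # malformed line: too few fields
);

# Count each (dst, service) pair once per line; skip lines missing either field.
sub count_pairs {
    my %pairs;
    for my $line (@_) {
        chomp(my $copy = $line);
        my ($dst, $service) = (split /;/, $copy)[11, 12];
        next unless defined $dst && length $dst
                 && defined $service && length $service;
        $pairs{$dst}{$service}++;
    }
    return \%pairs;
}

# Hypothetical handler standing in for "run a sub".
sub alert_on {
    my ($dst, $service, $n) = @_;
    print "ALERT: $dst / $service seen $n times\n";
}

my $pairs = count_pairs(@lines);
for my $dst (sort keys %$pairs) {
    for my $service (sort keys %{ $pairs->{$dst} }) {
        my $n = $pairs->{$dst}{$service};
        alert_on($dst, $service, $n) if $n >= $THRESHOLD;
    }
}
```

Keying the count on the pair keeps a busy destination and a common service from crossing the threshold independently of each other.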