Re: Another Array Problem.

in reply to Another Array Problem: comparing.

There are a couple of things that aren't clear to me here.

First, why read the file into an array and then go through the array and split the lines. Are you sure any of the lines are splitting? When you while(<LOG>) you are reading the file line by line, which makes the split you've got in the foreach loop unnecessary.

Secondly, it's not clear what exactly you're checking, so I'm going to make the following assumptions. Please correct me if I'm wrong.

1. You want to check if all the entries in the @dst array are the same IP.

2. You want to know when there are 50+ of any service in the @service array.

Both of these tasks can be solved with the use of a hash. I suggest you meander over to the Categorized Questions and Answers section and read up on them.

-a.

Comment on Re: Another Array Problem. Download Code

Replies are listed 'Best First'.
Re: Re: Another Array Problem. by dru145 (Friar) on Dec 19, 2001 at 20:23 UTC
aijin, You are correct, I didn't need the first array (@data) nor did I need to split on a new line. Thanks for the hash tip. I figured that's what I needed, but I don't have much experience with hashes, so I took this time to learn. I think I'm finally grasping them. Here is the code I came up with (suggestions appreciated): #!/usr/bin/perl -w use strict; + my $log = './log'; my (%count, %hash); open (LOG, $log) or die "Can't open $log: $!"; while (<LOG>){ foreach($_){ my ($num,$date,$time,$fw,$type,$action,$alert,$int,$dir,$proto,$src +,$dst,$service,$sport,$len,$rule) = (split /;/,$_); %hash = (dest => $dst, service => $service); foreach my $key (keys %hash){ my $val = $hash{$key}; $count{$val}++; } #close foreach } #close foreach }#close while foreach my $key1 (keys %count){ print "$key1 appears $count{$key1} times\n"; } #close foreach [download] I still need something that will run a sub if both the destination ip AND service appears AT LEAST 50 times in the log files, but I think this will be fairly easy. Thanks again, Dru	[reply] [d/l]
Re: Re: Re: Another Array Problem. by Juerd (Abbot) on Dec 19, 2001 at 20:49 UTC
Suggestions welcome? Here they come :) `foreach($_){` [download] foreach($_) is kind of useless, you can safely remove it (and its closing bracket, of course). `my ($num,$date,$time,$fw,$type,$action,$alert,$int,$dir,$proto,$src +,$dst,$service,$sport,$len,$rule) = (split /;/,$_);` [download] You don't have to name everything. Instead, you can assign to undef if you don't need a specific value. `my (undef, undef, undef, undef, undef, undef, undef, undef, undef, +undef, undef, $dst, $service, undef, undef, undef) = split /;/; # spl +it() works on $_ if only one argument is given.` [download] Because there are more undefs than used values, a list slice would be even better: `my ($dst, $service) = (split /;/)[11, 12];` [download] `%hash = (dest => $dst, service => $service); foreach my $key (keys %hash){ my $val = $hash{$key}; $count{$val}++; } #close foreach } #close while` [download] There's no need to use these temporary variables %hash and $val; Well indented code doesn't need "#close foreach" comments (unless it's a huge sub, but in that case the design was probably wrong anyway). Because only the values of the hash are used and they're set within the same scope, there's no need for the hash at all. I'll also use the for-modifier (for equals foreach, but is shorter) to demonstrate perl's nice syntactic features. `$count{$_}++ for $dst, $service; }` [download] `foreach my $key1 (keys %count){ print "$key1 appears $count{$key1} times\n"; } #close foreach` [download] This can be done using map, but it might be confusing if you don't know how it works: `print map "$_ appears $count{$_} times\n", keys %count;` [download] Please also note I have a whitespace after every comma, which in my opinion makes the source more readable. I hope this was useful to you As a whole: `#!/usr/bin/perl -w use strict; + my $log = './log'; my %count; open (LOG, $log) or die "Can't open $log: $!"; while (<LOG>){ my ($dst, $service) = (split /;/)[11, 12]; $count{$_}++ for $dst, $service; # Now I see it this way, I realise that # $count{$_}++ for (split /;/)[11, 12]; # would be even better :) } print map "$_ appears $count{$_} times\n", keys %count;` [download] `2;0 juerd@ouranos:~$ perl -e'undef christmas' Segmentation fault 2;139 juerd@ouranos:~$` [download]	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom