This appears to give sane output for the test data :).
#!/usr/bin/perl -w
use strict;
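# Summarise per-day counters from a log made of date header lines
# ("2003Aug01/") followed by EVENT1 counter lines, and print one CSV row
# per day holding the sum of every counter seen under that date.

# Column order of the counters in each CSV row.
my @fields = qw/ip icmp tcp udp events drops/;
my %count;    # running totals for the day currently being read
my $date;     # "Mon DD YYYY" label of that day; undef until a date line is seen

# Lexical handles dup'ed from DATA and STDOUT instead of bareword handles, so
# they are scoped to this script and cannot collide with another global handle.
open(my $in,  '<&', \*DATA)   or die("Error Opening File $!\n");
open(my $out, '>&', \*STDOUT) or die("Error Opening File $!\n");

# Write the CSV row for one finished day; does nothing before the first date.
# A counter that never appeared for the day is printed as 0, so a date with no
# EVENT1 lines gives a complete row rather than empty cells and
# "uninitialized value" warnings.
sub _print_day {
    my ($fh, $day, $totals, $columns) = @_;
    return unless defined $day;
    my @cells = map { defined $totals->{$_} ? $totals->{$_} : 0 } @{$columns};
    print {$fh} join(",", $day, @cells), "\n";
    return;
}

print {$out} "date,ip_cnt,icmp_cnt,tcp_cnt,udp_cnt,events,drops \n";

while (my $line = <$in>) {
    if ($line =~ m/^(\d{4})(\w{3})(\d+).+/) {
        # A new date header: flush the previous day, then start a fresh one.
        my $next_date = join ' ', ($2, $3, $1);
        _print_day($out, $date, \%count, \@fields);
        %count = ();    # reset the counters
        $date  = $next_date;
        next;
    }
    elsif ($line =~ m/^EVENT1:\s+\[\w+\]\s+\(IP=(\d+),
                       ICMP=(\d+),
                       TCP=(\d+),
                       UDP=(\d+),
                       EVENTS=(\d+),
                       DROP=(\d+),.+/x)
    {
        # Captures arrive in the same order as @fields. Any [TAG] is accepted,
        # not only HEARTBEAT.
        # NOTE(review): counters seen before the first date line are dropped
        # when that date line resets %count.
        my @values = ($1, $2, $3, $4, $5, $6);
        $count{ $fields[$_] } += $values[$_] for 0 .. $#fields;
        next;
    }
    else {
        # Neither a date nor a counter line.
        # NOTE(review): an EVENT1 line whose layout differs from the pattern
        # above also lands here and is skipped silently, which would make the
        # event and drop totals under-count; consider warning on such lines if
        # the log format is expected to be uniform.
        next;
    }
}

# Flush the last day, which has no following date line to trigger it.
_print_day($out, $date, \%count, \@fields);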
__DATA__
2003Aug01/
EVENT1: [HEARTBEAT] (IP=1260953,ICMP=898,TCP=1236959,UDP=22477,EVENTS=950,DROP=0,VER=6.0.1)
EVENT1: [HEARTBEAT] (IP=1217149,ICMP=874,TCP=1193416,UDP=22133,EVENTS=811,DROP=0,VER=6.0.1)
2003Aug02/
EVENT1: [HEARTBEAT] (IP=640626,ICMP=855,TCP=620893,UDP=18614,EVENTS=714,DROP=0,VER=6.0.1)
EVENT1: [HEARTBEAT] (IP=652513,ICMP=830,TCP=631758,UDP=19671,EVENTS=722,DROP=0,VER=6.0.1)