Thanks graff, I used your suggestion, and this is waht I came up with, does it look right? Or are there some improvements I could make.
Since this is only my second week with perl I am open to suggestions!
#!/usr/local/bin/perl
use Time::Local 'timelocal';
use PerlIO::gzip;
use IO::Tee;
use IO::File;
$err = 0;
$help = 1 if($ARGV[0] eq '-h');
$help = 1 if($ARGV[0] eq '--help');
$help = 1 if($ARGV[0] eq '-help');
$help = 1 if($ARGV[0] eq '');
$debug = 1 if($ARGV[0] eq '-d');
$msgHelp = "FORMAT - command [-d][-h][--help] Month StartDate EndDate\
+n\tStart & End Date = mm/dd/yyyy";
$msgGreps = "\n----------------------The following greps will be used
+for searching:\n";
$msgFiles = "\n----------------------The following files will be searc
+hed based on the dates given:\n";
$msgStarting = "\n----------------------Now Starting\n";
if($help == 1){
print $msgHelp;
} elsif($debug == 1){
$month = $ARGV[1];
@start = split /\//, $ARGV[2];
@end = split /\//, $ARGV[3];
}else{
$month = $ARGV[0];
@start = split /\//, $ARGV[1];
@end = split /\//, $ARGV[2];
}
$inputpath = "/logs/";
$startdate = timelocal(0,0,0, $start[1], $start[0]-1, $start[2]-1900);
$enddate = timelocal(0,0,0, $end[1]+1, $end[0]-1, $end[2]-1900);
$currenttime = localtime time;
$fcount = 1;
$gcount = 0;
if($debug !=1){$logfile = "win_greplog.txt" }else{$logfile = "testlogf
+ile.txt"};
$msgstarting = "\n----------------------$currenttime------------------
+-----\nParse will start with logs dated: startdate = $startdate\nEndi
+ng with logs dated: enddate = $enddate\nIn the following directory:
+$inputpath\n";
$tee = new IO::Tee(\*STDOUT, new IO::File(">>$logfile"));
print $tee "\nDEBUG MODE ON" if($debug == 1);
print $tee $msgstarting;
opendir INPUTDIR, $inputpath;
@inputfiles = grep { (stat "$inputpath/$_")[9] >= $startdate an
+d (stat "$inputpath/$_")[9] < $enddate } readdir INPUTDIR;
closedir INPUTDIR;
$numfiles = @inputfiles;
$greps[0] = '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';
$greps[1] = '\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce';
$greps[2] = '\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx';
$greps[3] = '\SOFTWARE\Microsoft\Windows\CurrentVersion\AeDebug';
$greps[4] = '\SYSTEM\CurrentControlSet\Control\SessionManager\KnownDL
+Ls';
$greps[5] = '\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winr
+eg';
$greps[6] = '\SOFTWARE\inAgents\EventLog2Syslog';
$greps[7] = '%systemdrive%';
$greps[8] = 'C:\';
$greps[9] = '\system32';
$greps[10] = '\system32\drivers';
$greps[11] = '\system32\config';
$greps[12] = '\system32\spool';
$greps[13] = '\repair';
print $tee $msgGreps;
foreach $gname (@greps) {
print $tee "\n - greps[$gcount]\t $gname";
$gcount++;
}
print $tee $msgFiles;
foreach $filelist (@inputfiles) {
$filelist = $inputpath.$filelist;
print $tee "\n - $filelist";
}
print $tee $msgStarting;
# step into each input file
foreach $inputfile (@inputfiles) {
# step into each grep
$gcount = 0;
foreach $grep (@greps) {
# build the outputfile
$outputfile = $month."_".$gcount."_".$inputfile."_results.txt"
+;
@results = `zgrep $grep > $outputfile`;
$gcount++;
}
}
print $tee "\n\n----------------------Normal Completion\n" if ($err==0
+);
close(LOGFILE);
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
Outside of code tags, you may need to use entities for some characters:
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.
|
|
