Howdy everyone.
Was talking to
deprecated today about a problem I was having. Basically I wanted to eliminate all unwanted (non-word non-whitespace) and a few other characters.
So I used: s/[^\w\s\/=.\]//g
He said: tr/[^A-Za-z0-9_ ]//d
Now I realize that mine includes a few more characters but basically the moral is that his left nothing but the characters I was seeking to destroy. Which was weird since we used the [^. Anyway here is the complete code and maybe someone can give me some pointers on why his wouldnt work.
#!/usr/bin/perl
# setup needed modules.
use warnings;
use strict;
use DBI;
use IO::Socket;
use Data::Dumper;
$|++; # No buffering plz kthx
$SIG{HUP} = 'IGNORE';
# solaris likes to kill all of your processes when you exit with a HUP
fork and exit;
my $dbh = DBI->connect("dbi:Pg:dbname=syslogs");
# setup some sql queries for later
#This one inserts the log entry.
my $sth = $dbh->prepare("insert into current_logs (host, ip, log) valu
+es ( ? , ? , ? )");
#this two are for updating the hosts table.
my $sth2 = $dbh->prepare("select hostname from hosts where ip ~* ?");
my $sth3 = $dbh->prepare("insert into hosts (hostname, ip) values ( ?
+, ? )");
# Masquerade as the syslogd daemon
my $server = IO::Socket::INET->new(LocalPort => 514, Proto => 'udp')
or die "Couldnt listen on UDP 514, $!\n";
my %cachedhosts; # used to keep hosts in a hash so we dont keep hammer
+ing the name servers.
while (my $length=$server->recv(my $data, 65536, 0)) { # now is the ti
+me on sprockets when we wait
die "sysread: $!" if (!defined($length));
chomp $data;
# data hygeine there has to be a better way!
$data =~ s/(-|\"|<.*>)//g; #damn pix
$data =~ s/^\w{3}\s+\d+\s+\d+:\d+:\d+//; # damn pix
$data =~ s/^\w{3}\s+\d+\s+\d+\s+\d+:\d+:\d+:\s+//; #damn cabletrons
$data =~ s/[^\w\s=\/.]//g; # deprecated says to use tr/// here but
+I cant get it to work.
# I think this was nifty but some guru can do this in one line I ju
+st know it.
if (!$cachedhosts{$server->peerhost()}) {
$sth2->execute( $server->peerhost() );
while (my $row = $sth2->fetchrow_array) {
$cachedhosts{$server->peerhost()} = $row;
}
unless ($cachedhosts{$server->peerhost()}) {
my $host = gethostbyaddr(inet_aton($server->peerhost()), AF_IN
+ET);
if (!$host) { $host = qq{unknown.} . $server->peerhost(); }
$cachedhosts{$server->peerhost()} = $host;
$sth3->execute( $host, $server->peerhost() );
}
}
# Sometimes the cleaning above leaves nothing behind.
# the sonicwall is notorious for sending absolute junk to syslog.
unless ($data =~ /^$/) {
$sth->execute( $cachedhosts{$server->peerhost()},
$server-
+>peerhost(),
$data );
}
}
# in case we escape
$dbh->disconnect();
Also any helpful pointers as to how to clean it up a little would be appreciated.
muzakfetch