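use strict;
use warnings;

# Pair each "Error: mod_security" line in the audit log below (__DATA__)
# with the most recent "Request:" line, and print the client IP plus the
# login/passwd query parameters that mod_security matched at THE_REQUEST.
#
# The report contains the plaintext credentials already present in the
# log, so it should be written to the same place the audit log is kept.
#
# Fixes relative to the original one-liner:
#   - the loop read from an empty list (the <DATA> handle had been lost);
#   - the IP pattern had an unescaped '.' in the second octet;
#   - login/passwd captures stop at the next '&' or whitespace instead of
#     greedily spanning the query string;
#   - an Error line seen before any Request line is reported on STDERR
#     instead of printing undefined values (and the accompanying warnings).

# Matches a "Request:" log line and captures ip, login and passwd.
my $request_re = qr{
    \A Request: \s+
    (?<ip> \d{1,3} (?: \. \d{1,3} ){3} )   # dotted-quad client address
    .*? [?&] login=  (?<login> [^&\s]* )   # login may be empty
        &  passwd=   (?<pass>  [^&\s]+ )   # password runs to '&' / blank
}xms;

# Matches the mod_security denial line that follows a request.
my $error_re = qr{ \A Error: \s+ mod_security }xms;

# parse_request($line) -> ($ip, $login, $pass) for a "Request:" line,
# or the empty list for any other line.
sub parse_request {
    my ($line) = @_;
    return if $line !~ $request_re;
    return ( $+{ip}, $+{login}, $+{pass} );
}

# format_report($ip, $login, $pass) -> the two report lines as one string,
# in the exact layout the original script printed.
sub format_report {
    my ( $ip, $login, $pass ) = @_;
    return "Attacker : $ip\n" . "Login : $login, Password : $pass \n\n";
}

# process_log($fh) reads a log from $fh and prints one report per
# mod_security error line; returns the number of reports printed.
sub process_log {
    my ($fh) = @_;
    my %current;    # ip/login/pass from the latest Request line
    my $reported = 0;

    LINE: while ( my $line = <$fh> ) {
        chomp $line;
        if ( my @fields = parse_request($line) ) {
            @current{qw(ip login pass)} = @fields;
            next LINE;
        }
        next LINE if $line !~ $error_re;
        if ( !%current ) {
            warn "mod_security error at line $. precedes any Request line; skipped\n";
            next LINE;
        }
        print format_report( @current{qw(ip login pass)} );
        $reported++;
    }
    return $reported;
}

process_log( \*DATA ) unless caller;

__DATA__
Request: 10.122.11.235 - - [Tue Mar 9 22:27:46 2004] "GET http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS HTTP/1.0" 200 566
Handler: proxy-server
Error: mod_security: pausing [http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS] for 50000 ms
----------------------------------------
GET http://sbc2.login.dcn.yahoo.com/config/login?.redir_from=PROFILES?&.tries=1&.src=jpg&.last=&promo=&.intl=us&.bypass=&.partner=&.chkP=Y&.done=http://jpager.yahoo.com/jpager/pager2.shtml&login=loginc&passwd=PASS HTTP/1.0
Accept: */*
Accept-Language: en
Connection: Keep-Alive
mod_security-message: Access denied with code 200. Pattern match "passwd=" at THE_REQUEST.
mod_security-action: 200
HTTP/1.0 200 OK
Connection: close
####
Attacker : 10.122.11.235
Login : loginc, Password : PASS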