Hello All,
I still consider myself to be a newbie when dealing with Perl. I have below a script I wrote, but it is not very clean at all. In fact, after a couple of days, it was hogging 74MB of RAM on my server. It starts at around 3 or 4 MB. I obviously have some problems somewhere. I am sure the code can be a heck of a lot simpler as well. But I do not have the experience or knowledge to make it better.
I am looking for help locating poor code techniques and to make it cleaner. It all works fine as it is:
#!/usr/bin/perl
system("clear");
use DBI;
use Mail::Sendmail;
$red="\033[31m";
$green="\033[32m";
$yellow="\033[33m";
$blue="\033[34m";
$cyan="\033[36m";
$ct=0;
$cnct="$green YES $white";
$vxd=0;
@denies =("deny","TCPZSPconnectionZSPdenied","was2","real","probe");
@ibm =("configured","rp01","ibmproxy","failed","login","timeZSPout","images","http");
@forbids =("forbid","caution");
@pix =("PIX","warning","IP","from","disconnect","connect","idsn","interface","serial","0x14");
@errors =("link","error","fast","ethernet");
@interfc =("console","changedZSPstateZSPto","up","down","failed","operational");
@trans =("snort","noZSPtranslationZSPgroup","noZSPxlate","portscan","udp","tcp");
@snort =("large","packet","bad","traffic","inbound","attempt","web","IIS","cmd.exe","cgi","access","multiple","decode");
@prior =("Priority:ZSP1","Priority:ZSP2","Priority:ZSP3","Priority:ZSP4","Priority:ZSP5","Priority:ZSP6","Priority:ZSP7","Priority:ZSP8","Priority:ZSP9","Priority:ZSP10",);
@watcher=("@pix","@denies","@ibm","@errors","@forbids","@interfc","@trans","@snort","@prior");
my $database = DBI->connect("DBI:mysql:pixter",'root','') or $cnct="$red NO $white";
print "$cyan VERSION 1.4b \n";
print "AUTHOR: Justin R Carlson\n";
print "Database Linked with Application -$cnct \n";
if($cnct=~/NO/i){
print "\n $yellow CAUTION: $red THE DATABASE IS NOT LINKED, NOTHING FOR THIS SESSION WILL BE SAVED $white \n";
print "\n $yellow CAUTION: $red DATABASE NOT READY, NOT ACTIVE, or Dead. $white \n";
}
for ($i=0; $i<$#watcher+1; $i++){
$watch="$watcher[$i]";
$global=0;
@global=split(/ /,$watch);
for ($x=0;$x<$#global+1;$x++){
$vxd++;
if($global[$x]=~/ZSP/i){
@ret=split(/ZSP/,$global[$x]);
$global[$x]="";
$global[$x]=join(' ',@ret);
}
$spy[$ct]=$global[$x];
$ct++;
}
}
print "\n $vxd total tags \n $white";
while(<>){
$input = $_;
@format=split (/:/,$input);
@cellmail=split(/ /,$input);
$findings="";
for ($r=0; $r<$#spy+1; $r++){
if($input=~/$spy[$r]/i){
$findings="$findings $spy[$r],";
$fn++;
}
}
if($fn>0){
$findings=~s/,//g;
$findings=~s/ /_/g;
$findings=~s/\///g;
$log="$findings";
$log=~s/:/_/g;
$log=~s/\./_/g;
$log=~s/___/_/g;
$log=~s/__/_/g;
$script = "CREATE TABLE IF NOT EXISTS `$log` (id INT (100) not null AUTO_INCREMENT, log1 CHAR (255) not null, log2 CHAR (255) not null, log3 CHAR (255) not null, log4 CHAR (255) not null, log5 CHAR (255) not null, log6 CHAR (255) not null, log7 CHAR (255) not null, log8 CHAR (255) not null, log9 CHAR (255) not null, log10 CHAR (255) not null, log11 CHAR (255) not null, log12 CHAR (255) not null, log13 CHAR (255) not null, log14 CHAR (255) not null, log15 CHAR (255) not null, log16 CHAR (255) not null, log17 CHAR (255) not null, log18 CHAR (255) not null, log19 CHAR (255) not null, log20 CHAR (255) not null, log21 CHAR (255) not null, log22 CHAR (255) not null, log23 CHAR (255) not null, log24 CHAR (255) not null, log25 CHAR (255) not null, PRIMARY KEY (id))";
my $sql = $database->prepare_cached($script);
$sql->execute();
$sql->finish();
$fn=0;
@writer=split(" ",$input);
$t=$#writer;
if($t<2){
$script="INSERT INTO $log (id,log1) VALUES ('','$_')";
} else {
$script="INSERT INTO $log (id,log1,log2,log3,log4,log5,log6,log7,log8,log9,log10,log11,log12,log13,log14,log15,log16,log17,log18,log19,log20,log21,log22,log23,log24,log25) VALUES ('','$writer[0]','$writer[1]','$writer[2]','$writer[3]','$writer[4]','$writer[5]','$writer[6]','$writer[7]','$writer[8]','$writer[9]','$writer[10]','$writer[11]','$writer[12]','$writer[13]','$writer[14]','$writer[15]','$writer[16]','$writer[17]','$writer[18]','$writer[19]','$writer[20]','$writer[21]','$writer[22]','$writer[23]','$writer[24]')";
}
my $sql = $database->prepare_cached($script);
$sql->execute();
$sql->finish();
}
}
What does it do? It gets info piped to it from tail -f, and then creates / updates mysql tables to dump the data into. It uses all those arrays to make up its own table names. The log that tail is piping data from is written to from about 12 network devices.
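Added example, not part of the original post: the posted script embeds each log line's fields in the INSERT text and passes that text to prepare_cached, which keeps a statement handle for every distinct SQL string, and a quote character in a log field changes the statement itself. The sketch below binds the fields through placeholders so there is one cached handle per table. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for the MySQL one, store_line is a hypothetical helper, and the sample log lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# post's MySQL "pixter" database so this runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });

my $NCOLS = 25;                               # log1 .. log25, as in the post
my @cols  = map { "log$_" } 1 .. $NCOLS;

# Hypothetical helper: create the table if needed, then insert one log line.
sub store_line {
    my ($table, $line) = @_;
    my $tbl = $dbh->quote_identifier($table); # identifier quoted by the driver

    $dbh->do("CREATE TABLE IF NOT EXISTS $tbl (id INTEGER PRIMARY KEY, "
           . join(', ', map { "$_ TEXT NOT NULL" } @cols) . ')');

    # The SQL text is identical for every line stored in this table, so
    # prepare_cached holds one statement handle per table, not one per line.
    my $sth = $dbh->prepare_cached(
        "INSERT INTO $tbl (" . join(', ', @cols) . ') VALUES ('
      . join(', ', ('?') x $NCOLS) . ')');

    my @fields = split ' ', $line;
    $#fields = $NCOLS - 1;                    # pad or truncate to 25 fields
    # Values are bound, never interpolated, so quotes in a log line are data.
    $sth->execute(map { defined $_ ? $_ : '' } @fields);
}

# Constructed sample lines (not from the post); the second contains quotes.
my @sample = (
    "Oct 12 10:01:02 fw1 PIX warning: deny tcp from 192.0.2.10 to 198.51.100.5",
    "Oct 12 10:01:05 rp01 ibmproxy: failed login for user 'admin'",
    "Oct 12 10:01:09 fw1 PIX warning: deny tcp from 192.0.2.77 to 198.51.100.5",
);
store_line('_PIX_deny', $_) for @sample[0, 2];
store_line('_ibmproxy_failed_login', $sample[1]);

my ($rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM "_PIX_deny"');
my ($user) = $dbh->selectrow_array(
    'SELECT log10 FROM "_ibmproxy_failed_login"');
printf "rows in _PIX_deny: %d\n", $rows;
printf "stored field with quotes: %s\n", $user;
printf "cached statement handles: %d\n", scalar keys %{ $dbh->{CachedKids} };
```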