Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
Monks,

I have an array with almost 500 ip's that I want to see if any of them appears in a log file. The log file is large, it sometimes gets up to 3GB. I was wanting to run this script from cron every hour to see if any of these ip's appear, but I'm thinking this might be too much of a load on the server (Dual CPU, 2GB memory, RedHat ES 3.0) so I might run it just a few times a day. I also thought about doing a tail -f logfile | <name of program>.pl, to look at just new log entries, but again I'm concerned about the server being able to keep up.

Anyway, I'm looking for suggestions on how to efficiently parse this much data. I initially was going to build a regex group, but not capture, all of the ip's with an alternation between each ip. Something along the lines of:
/(?:192\.168\.1\.1|192\.168\.2\.1)/
BTW, the ip's are not in a nice sequential order like above, they are all over the place.

Actually, I still haven't figured out how I was going to get from the array to the regex. I was thinking I could use map to build the regex, but I'm still a map newbie. I did backslash each decimal like this:
@ips = map { quotemeta } @ips; my $file = shift;
So I guess my questions are:

1. Is creating a regex, like the one discussed above, going to be the most efficient way?

2. If yes to number 1, any suggestions on how to build a regex from the array?

P.S. I know the term efficient can vary greatly from one programmer to the next, but I'm just looking for suggestions.

-Dru

In reply to Efficient Way to Parse a Large Log File with a Large Regex by Dru

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (6)
As of 2024-03-29 00:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found