Hello Monks,
I am trying to match a log file when it contains an entry with the "sent" action but not the "created" action, regardless of whether the "sent" action is also logged. In my example below, 192.168.7.16 would match because there is a log entry for "sent", but 192.168.66.176 would not because, even though there is a log entry for "sent", there is also an entry for "created."
Does someone know how I could go about doing this?
#!/usr/bin/perl
use strict;
use warnings;

my %hash;
while (<DATA>) {
    # field 1 is the source IP, field 4 is "[pid]action"
    my ($srcip, $action) = (split /\s+/)[1,4];
    # strip the "[5933]" prefix from the action
    $action = $1 if ($action =~ /\[\d+\](\w+)/);
    # store the action for this source IP (a later line overwrites an earlier one)
    $hash{$srcip}{action} = $action;
}
for (keys %hash) {
    print "$_ == $hash{$_}{action}\n";
}
__DATA__
ex100525.log:09:42:26 192.168.66.176 webcountry 192.168.0.166 [5933]created /140NOE77111_V460_+IE38/FTP+script/put771.ftp 226 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]created /140NOE77111_V460_+IE38/FTP+script/update_noe77111_module.doc 226 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]created /140NOE77111_V460_+IE38/FTP+script/upfwnoe.bat 226 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]CWD /140NOE77111_V460_+IE38/Release+Note 550 2
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]CWD /140NOE77111_V460_+IE38/Release+Note 250 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]sent /140NOE77111_V460_+IE38/Release+Note/RN_140NOE77111_V46.doc 226 0
ex100525.log:09:42:27 192.168.7.16 webcountry 192.168.0.166 [5933]sent /140NOE77111+V4.6/140NOE77111_V460_+IE38 250 0
ex100525.log:09:42:27 192.168.7.16 webcountry 192.168.0.166 [5933]CWD /140NOE77111+V4.6/140NOE77111_V460_+IE38 250 0
Thanks,
Dru
Perl, the Leatherman of Programming languages. -
qazwart
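
One way to do the check described in the question, added here as an example (not code from the original post): record every action seen per source IP, then keep only the IPs that logged "sent" and never "created". The sub name sent_without_created and the %seen hash are assumptions of this example; the __DATA__ lines are a subset of the post's sample lines, unwrapped.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: return the source IPs that logged "sent" but never "created".
# Assumes the field layout of the post's sample lines:
# field 1 = source IP, field 4 = "[pid]action".
sub sent_without_created {
    my (@lines) = @_;
    my %seen;    # $seen{$srcip}{$action} = number of entries seen

    for my $line (@lines) {
        my ($srcip, $action) = (split /\s+/, $line)[1, 4];
        next unless defined $action;               # blank or short line
        next unless $action =~ /^\[\d+\](\w+)/;    # drop the "[5933]" prefix
        $seen{$srcip}{$1}++;                       # remember every action, not just the last
    }

    # Decide per IP only after the whole log has been read, so the order
    # of "sent" and "created" entries does not matter.
    my @hits = grep { $seen{$_}{sent} && !$seen{$_}{created} } sort keys %seen;
    return @hits;
}

print "$_\n" for sent_without_created(<DATA>);

# Sample input below: subset of the post's log lines, unwrapped.
__DATA__
ex100525.log:09:42:26 192.168.66.176 webcountry 192.168.0.166 [5933]created /140NOE77111_V460_+IE38/FTP+script/put771.ftp 226 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]CWD /140NOE77111_V460_+IE38/Release+Note 250 0
ex100525.log:09:42:27 192.168.66.176 webcountry 192.168.0.166 [5933]sent /140NOE77111_V460_+IE38/Release+Note/RN_140NOE77111_V46.doc 226 0
ex100525.log:09:42:27 192.168.7.16 webcountry 192.168.0.166 [5933]sent /140NOE77111+V4.6/140NOE77111_V460_+IE38 250 0
ex100525.log:09:42:27 192.168.7.16 webcountry 192.168.0.166 [5933]CWD /140NOE77111+V4.6/140NOE77111_V460_+IE38 250 0
```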