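#!/usr/bin/perl
# Follows a Snort text alert log as it grows and writes a one-record summary
# of each alert (timestamp, addresses, ports, protocol, reconstructed GET
# request line) both to STDOUT and to a second log file.
use strict;
use warnings;
use File::Tail;

# File to write the per-alert summaries to.
my $write_file = "C:\\Snort\\log\\test3\\write.log";
open my $write_fh, '>', $write_file
    or die "Could not open write file '$write_file': $!";

# Snort log to follow; File::Tail->read blocks until another line arrives.
my $file = File::Tail->new("C:\\Snort\\log\\test3\\logto2.log");

# Lines of the alert currently being collected.  A separator line that
# starts with "=+=" ends one alert and starts the next.
my @alert;
while (defined(my $linea = $file->read)) {
    if ($linea =~ m/^\=\+\=/) {
        process(@alert);
        @alert = ();
    }
    else {
        push @alert, $linea;
    }
}

close $write_fh or die "Could not close write file '$write_file': $!";

# Writes $text to both STDOUT and the write file.
sub _emit {
    my ($text) = @_;
    print $text;
    print {$write_fh} $text;
    return;
}

# Index of the first element of $lines at or after $start that matches any
# of @patterns, or undef when none does.  Replaces the original unbounded
# "increment until it matches" loops, which never terminated when the
# pattern was absent from the alert.
sub _first_match_index {
    my ($lines, $start, @patterns) = @_;
    for my $i ($start .. $#{$lines}) {
        for my $re (@patterns) {
            return $i if $lines->[$i] =~ $re;
        }
    }
    return;
}

# Prints a summary of every alert found in @lines (the text between two
# "=+=" separators) to STDOUT and to the write file.  Returns nothing.
#
# Each alert is located by a marker line containing "hiiii" (presumably the
# msg of the Snort rule this script watches; confirm against the ruleset).
# Relative to that marker:
#   marker+1  timestamp line; its first 14 characters are reported
#   marker+2  header line, expected as "SRC:PORT -> DST:PORT PROTO ..."
#             (this is what the original cut-at-delimiter parsing assumed;
#             only IPv4 with ports fits it, other shapes yield empty fields)
# The GET trace is rebuilt from the ASCII column of the packet dump, from
# the first line matching /GET/ through the line after the first one
# matching /Accept/ or /HTTP/.  Both searches start at the top of @lines,
# not at the marker, exactly as in the original.
#
# Everything parsed here comes from packet payloads, i.e. from the remote
# peer, so the fields are treated as opaque strings and are only ever
# printed, never used to build paths or commands.
sub process {
    my @lines = @_;
    return unless @lines;

    # Positions of the marker line that starts each separate alert.
    my @locations = grep { $lines[$_] =~ /hiiii/ } 0 .. $#lines;

    for my $number (@locations) {
        # Timestamp: the first 14 characters of the line after the marker.
        my $time_line  = defined $lines[$number + 1] ? $lines[$number + 1] : '';
        my $time_stamp = substr($time_line, 0, 14);
        _emit("Time: $time_stamp\n");

        # Header line: cut each field at its delimiter, as the original did
        # with index/substr, but in one anchored match so that a malformed
        # line yields empty fields instead of arbitrary substrings.
        my $third_line = defined $lines[$number + 2] ? $lines[$number + 2] : '';
        my ($source_ip, $source_port, $dest_ip, $dest_port, $protocol) =
            $third_line =~ m{
                \A ([^:\s]+) : (\S+)      # source IP:port
                \s+ -> \s+
                ([^:\s]+) : (\S+)         # destination IP:port
                \s+ (\S+)                 # protocol
            }xms;
        for ($source_ip, $source_port, $dest_ip, $dest_port, $protocol) {
            $_ = '' unless defined $_;
        }
        _emit("Source IP: $source_ip\n");
        _emit("Source Port: $source_port\n");
        _emit("Destination IP: $dest_ip\n");
        _emit("Destination Port: $dest_port\n");
        _emit("Protocol: $protocol\n");

        # Packet dump slice: first /GET/ line through the line after the
        # first /Accept/ or /HTTP/ line.  Searching is bounded by the alert,
        # so an alert without those lines is reported with an empty trace
        # rather than hanging the tailer.
        my $get_index  = _first_match_index(\@lines, 0, qr/GET/);
        my $http_index = _first_match_index(\@lines, 0, qr/Accept/, qr/HTTP/);

        my $full_string = '';
        if (defined $get_index && defined $http_index) {
            # Clamp so a trailing HTTP line does not index past the alert.
            my $last = $http_index + 1;
            $last = $#lines if $last > $#lines;

            # Drop the offset/hex columns of each dump line (the first 49
            # characters, as in the original) and keep the ASCII column;
            # lines shorter than that contribute nothing.
            my @ascii = map {
                my $text = length($_) > 49 ? substr($_, 49) : '';
                chomp $text;
                $text;
            } @lines[$get_index .. $last];
            $full_string = join '', @ascii;

            # Cut the trace just before "Accept", also dropping the two
            # characters that precede it (presumably the rendered CR/LF of
            # the previous header line).  When "Accept" is absent the whole
            # trace is kept; the original chopped the last three characters.
            my $accept_at = index($full_string, 'Accept');
            $full_string = substr($full_string, 0, $accept_at - 2)
                if $accept_at >= 2;
        }
        else {
            warn "No GET/HTTP lines in alert at line $number; GET trace left empty\n";
        }
        # STDOUT gets "...\n" plus a blank line, the file "...\n\n": the same
        # bytes either way.
        _emit("GET Trace: $full_string\n\n");
    }
    return;
}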