StalkinYerMa has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I'm new here, don't judge lol. Anyway, I'm having trouble trying to match a regex. I had it somewhat working, but not now. I seem to have a problem where $info seems to go out of scope or something. I put a print before and after the point where it seems to just lose its string.

my $column_separator = ",";
my $column_number = "4";
$column_number--;
my $str = "APPCRASH.";
my $file_in = 'c:\perl\week3\WindowsApplicationEvent.csv';
my $file = 'c:\perl\week3\scan.'.$str.'.txt';
my @strings = (
    "APPCRASH.",
    "he protected system file.",
    "EMET_DLL Module logged the following event:.",
    "your virus/spyware.",
    "A new process has been created\\..",
    "A service was installed in the system\\..",
    "A scheduled task was created\\..",
    "Logon Type:[\\W]*(3|10).",
    "\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run.",
    "service terminated unexpectedly\\..",
    "service was successfully sent a.",
    "service entered the.",
    "service was changed from."
);
my @found = ();
my $count = 0;
open (LOGFILE, $file_in);
print "Opening Eventfile...\n";
my @lines=<LOGFILE>;
open (OUT, ">>", $file) or die "$!";
foreach my $info (@lines){
    ++$count;
    chomp($info);
    foreach my $string(@strings) {
        #print " string-->$string\n\n";
        #print "BEFORE \n\n $string \n\n $info \n\n";
        #if($info =~ m{^$string$})
        #if ($info =~ m/$string/)
        #print " check --> $check";
        #if (grep (m{^$string$}), $info)
        if ($info =~ m{^$string$}) {
            #print "AFTER $info \n";
            push (@found, "Line # $count -> $info ");
            print OUT "Line # $count -> $string --> $info \n";
            #print "Extractig line $count ...\n";
        }
    }
}

Sorry for the long input file info, I just feel it may help. Again, thank you guys for looking into this for me.

FILE CONTENTS

9/9/2013,1:42:00 PM,gupdate,Information,None,0,N/A,DANIEL-3332D452,The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.
9/9/2013,1:42:00 PM,gupdate,Information,None,0,N/A,DANIEL-3332D452,The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
9/9/2013,12:57:52 PM,Bonjour Service,Error,None,100,N/A,DANIEL-3332D452,CacheRecordAdd: _apple-mobdev._tcp.local. (PTR) got immediate answer burst (10); restarting exponential backoff sequence (243486)
9/9/2013,12:56:11 PM,Bonjour Service,Error,None,100,N/A,DANIEL-3332D452,CacheRecordAdd: _apple-mobdev._tcp.local. (PTR) got immediate answer burst (10); restarting exponential backoff sequence (81162)
9/9/2013,10:54:40 AM,iPod Service,Information,None,0,N/A,DANIEL-3332D452,The description for Event ID ( 0 ) in Source ( iPod Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started/resumed.
9/9/2013,10:50:50 AM,VMUpgradeHelper,Information,None,271,N/A,DANIEL-3332D452,Restored network configuration.
9/9/2013,10:50:50 AM,VMUpgradeHelper,Information,None,270,N/A,DANIEL-3332D452,Not restoring network configuration for adapter with MAC address 00:0C:29:74:43:A7. The device ID for this adapter is unchanged.
9/9/2013,10:50:49 AM,VMUpgradeHelper,Information,None,258,N/A,DANIEL-3332D452,Restoring network configuration.
9/9/2013,10:50:48 AM,TPAutoConnSvc,Information,None,0,N/A,DANIEL-3332D452,The description for Event ID ( 0 ) in Source ( TPAutoConnSvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: TPAutoConnect Service started..
9/9/2013,10:50:46 AM,MySQL,Information,None,100,N/A,DANIEL-3332D452,"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld: ready for connections. Version: '5.5.15' socket: '' port: 3306 MySQL Community Server (GPL)

FILE CONTENTS

Replies are listed 'Best First'.
Re: Regex problem i think?
by GrandFather (Saint) on Sep 10, 2014 at 03:08 UTC

    The following test script based on your sample works as expected. Maybe you can modify it to show the problem you see? Keep it as a stand alone test script though!

    use strict;
    use warnings;

    my @strings = (
        "APPCRASH.",
        "he protected system file.",
        "EMET_DLL Module logged the following event:.",
        "your virus/spyware.",
        "A new process has been created\..",
        "A service was installed in the system\..",
        "A scheduled task was created\..",
        "Logon Type:[\\W]*(3|10).",
        "\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run.",
        "service terminated unexpectedly\..",
        "service was successfully sent a.",
        "service entered the.",
        "service was changed from."
    );

    while (defined (my $info = <DATA>)) {
        for my $string (@strings) {
            chomp $info;
            if ($info =~ /\Q$string\E/) {
                print "Line # $.: '$string' --> '$info'\n";
            }
        }
    }

    __DATA__
    APPCRASH.
    nothing to see here
    Part sentence: service entered the.

    You can avoid the explicit loop over strings by constructing a combined match expression:

    use strict;
    use warnings;

    my @strings = (
        "APPCRASH.",
        "he protected system file.",
        "EMET_DLL Module logged the following event:.",
        "your virus/spyware.",
        "A new process has been created\..",
        "A service was installed in the system\..",
        "A scheduled task was created\..",
        "Logon Type:[\\W]*(3|10).",
        "\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run.",
        "service terminated unexpectedly\..",
        "service was successfully sent a.",
        "service entered the.",
        "service was changed from."
    );

    my $match = join '|', map {qr/\Q$_\E/} @strings;

    while (defined (my $info = <DATA>)) {
        chomp $info;
        next if $info !~ /($match)/;
        print "Line # $.: '$1' --> '$info'\n";
    }

    __DATA__
    APPCRASH.
    nothing to see here
    Part sentence: service entered the.

    Perl is the programming world's equivalent of English
      I'm going to try this out to see if it works, thanks for the reply. If you get time, do you think you could describe what the join is doing? I'm not very good with regexes.

        See: join, perlretut, perlre and perlreref. Regular expressions are a language in their own right, a major player in Perl's team of tools, and have been adopted by many tools other than Perl. They are well worth becoming familiar with. It's at least worth knowing where to find documentation.

        The short version is: | is the alternation character. The match will succeed if any of the alternate matches separated by the | succeed. Join glues a list of strings together using the first string as the glue.

        If you are serious about learning and using Perl I strongly recommend you get a copy of the Perl Pocket Reference.

        Perl is the programming world's equivalent of English
Re: Regex problem i think?
by Athanasius (Archbishop) on Sep 10, 2014 at 03:27 UTC

    Hello StalkinYerMa, and welcome to the Monastery!

    From the contents of the strings in @strings, it looks like you want to use regex metacharacters. If so, the line:

    if($info =~ /\Q$string\E/)

    is not what you want, as \Q turns metacharacters back into ordinary characters. The commented-out line:

    if($info =~ m{^$string$})

    is better, but it may be too restrictive if you want to match part of an input line only. If you use simply:

    if ($info =~ /$string/)

    what happens? If this still isn’t what you want, you will need to supply sample input (from the contents of $file_in, which is never defined, BTW), together with the output you are getting and the output you expect/want to get.

    A couple of unrelated points:

    1. $count = $count+1; may be written more concisely as ++$count;.

    2. It would be more efficient to chomp($info); in the outer foreach loop.

    Hope that helps,

    Athanasius <°(((><contra mundum Iustus alius egestas vitae, eros Piratica,

      I've tried every version of what you told me and it doesn't seem to match. The file I'm using is a CSV file that is full of system information. The file's first line is:

      9/9/2013,1:42:00 PM,gupdate,Information,None,0,N/A,DANIEL-3332D452,The description for Event ID ( 0 ) in Source ( gupdate ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service stopped.
      The biggest problem I'm having is the regex seems to break it. Right after I call the regex it never goes into the loop to check. I appreciate the quick responses. Yes, count should have been up one loop, I start moving things around when it doesn't work.

        If your data is in a CSV file then you will be much better off extracting the data using a dedicated CSV module. For example, Text::CSV_XS by Tux is highly recommended. You should extract the relevant field(s) first, and only then apply one or more regexes to those fields to extract the data you want.

        We’re going to need more information before we can give further help. The best way to provide us with that information is to follow the advice in How do I post a question effectively?

        Include (inside <code>...</code> or <c>...</c> tags) a minimal script that reproduces your problem and sample data (input).

        — together with the output you actually get and the output you want.

        P.S. It’s chomp that’s in the wrong part of the loop, not $count.

        Hope that helps,

        Athanasius <°(((><contra mundum Iustus alius egestas vitae, eros Piratica,
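
The approach suggested in the reply above (parse the CSV first, then apply the regexes to the extracted field), as an added example that is not part of the original thread. It assumes Text::CSV_XS is installed from CPAN and that the event description is the ninth column; the pattern labels, the sample rows and the host name HOST-EXAMPLE are constructed for illustration.

```perl
use strict;
use warnings;
use Text::CSV_XS;

# Unanchored, precompiled patterns: metacharacters keep their meaning and the
# text may sit anywhere in the field (no ^...$ around it, no \Q...\E).
my @patterns = (
    [ 'application crash'      => qr/APPCRASH/ ],
    [ 'service installed'      => qr/A service was installed in the system\./ ],
    [ 'scheduled task created' => qr/A scheduled task was created\./ ],
    [ 'network/remote logon'   => qr/Logon Type:\W*(?:3|10)\b/ ],
    [ 'Run key referenced'     => qr/\\Software\\Microsoft\\Windows\\CurrentVersion\\Run/ ],
    [ 'service crashed'        => qr/service terminated unexpectedly\./ ],
);

# Constructed sample data (not from the thread), in the poster's column layout:
# date,time,source,type,category,event id,user,computer,description.
# The last record has a quoted description that spans several lines, which a
# plain line-by-line read would split into three unrelated "lines".
my $sample = <<'CSV';
9/9/2013,1:42:00 PM,gupdate,Information,None,0,N/A,HOST-EXAMPLE,Service stopped.
9/9/2013,1:40:10 PM,Service Control Manager,Error,None,7034,N/A,HOST-EXAMPLE,The Example service terminated unexpectedly. It has done this 1 time(s).
9/9/2013,1:39:02 PM,Security,Success Audit,Logon/Logoff,528,N/A,HOST-EXAMPLE,"Successful Logon:
Logon Type: 10
Logon Process: User32"
CSV

# Returns one "record N [source] label: description" string per match.
sub scan_events {
    my ($text) = @_;
    my $csv = Text::CSV_XS->new({ binary => 1, auto_diag => 1 });
    open my $fh, '<', \$text or die "Cannot read sample data: $!";
    my ($n, @found) = (0);
    while (my $row = $csv->getline($fh)) {
        $n++;
        my $description = $row->[8] // '';          # ninth column: message text
        for my $p (@patterns) {
            my ($label, $re) = @$p;
            next unless $description =~ $re;
            (my $flat = $description) =~ s/\s+/ /g;  # fold embedded newlines
            push @found, "record $n [$row->[2]] $label: $flat";
        }
    }
    close $fh;
    return @found;
}

print "$_\n" for scan_events($sample);
```

Records 2 and 3 are reported and record 1 is not. Counting parsed records rather than physical lines keeps the numbering stable when a description contains line breaks.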