Re: Scanning multiple files from Snort rules one by one and extracting a particular part to another file

I'm not sure just how big each rule file is, but reading in all of the file seems wasteful when you only want the first part. To carry on with Laurent R's example, you could extract the header part in the first loop and save it into an array for processing later:


my @headers;
for my $rulefile (@rulefiles){
    open my $INFILE, "<", $rulefile or die "Can't open  $rulefile $!";
    my $header;
    while ( my $line = <$INFILE> ) {
        # see if this line contains opening bracket
        if ( $line =~ m/\(/ ) {
            my $pos = index( $line, '(' );
            last unless $pos > 0;
            $header .= substr( $line, 0, $pos );
            last;
        }
        else {
            $header .= $line;
        }
    }
    close $INFILE;
    push( @headers, $header ) if $header;
}

for my $header ( @headers ) {
    print "\nHeader:\n$header\n";
    
    # now process the header
}
[download]

Comment on Re: Scanning multiple files from Snort rules one by one and extracting a particular part to another file - File Handling Download Code

Replies are listed 'Best First'.
Re^2: Scanning multiple files from Snort rules one by one and extracting a particular part to another file - File Handling by edison.pioneer (Initiate) on Jul 23, 2015 at 04:43 UTC
Hi, thanks for guiding !! I'm trying to learn this language but I'm always confused in this part. for my $rulefile (@rulefiles){ What exactly is the difference betweeen $rulefile and @rulefiles? I understand that @rulefiles is an array and is actually referring to the assortment of all the ".rule" file in the folder. but what purpose is $rulefile serving?	[reply]
Re^3: Scanning multiple files from Snort rules one by one and extracting a particular part to another file - File Handling by Laurent_R (Canon) on Jul 23, 2015 at 07:47 UTC
Hi, `@rulefiles` is an array containing the names of the *.rule" files in the folder. `for my $rulefile (@rulefiles) { # ... }` [download] is a loop that goes over each of the items (file names) in the `@rulefiles` array, one after the other, assigns it to the `$rulefile` variable, so that each of the items can be manipulated with the `$rulefile` variable name within the body of the loop. This is a simple example of a Perl one-liner using a similar construct: `$ perl -e 'for my $i (1, 4, 3, 2) { print "$i\n"; }' 1 4 3 2 $` [download] In this example, the `$i` variable takes successively each value of the list `(1, 4, 3, 2)` and the body of the loop simply prints `$i` to the screen.	[reply] [d/l] [select]