in reply to File handling - Reading 10 Snort rules from text file,converting them to hex, and storing onto another text file

Second point: Your sample data should be inside <code></code> tags. As it is, we can't tell what it really is: do the line numbers exist in the file, or did you add them for your post?

Third point: Not much sense in globbing and looping through an array when there is only one file.

First point: Simplify your data and your code until it works. Then add back in.

Here is an example of what you should do to make a simple test.

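    #! perl -w
    use strict;
    use Path::Tiny qw/ path /;

    my $file = '1135963.txt';

    # Read the whole file, one chomped line per array element.
    my @lines = path( $file )->lines( { chomp => 1 } );

    foreach my $line ( @lines ) {
        # Print everything before the first opening parenthesis.
        if ( $line =~ m/^([^(]+)/ ) {
            print "$1\n";
        }
    }
    __END__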

Where your file is:

    cmp rule alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ISS Pinger"; itype:8; content:"ISSPNGRQ"; depth:32; classtype:attempted-recon; sid:465; rev:6;)
    p2p rule alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"PHISHING-SPAM younglaugh.ru known spam email attempt"; flow:to_server, established; content:"younglaugh.ru"; nocase; classtype:policy-violation; sid:17003; rev:3;)
    pop3 rules alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"POP3 DELE negative argument attempt"; flow:to_server,established; content:"DELE"; fast_pattern:only; pcre:"/^DELE\s+-\d/smi"; reference:bugtraq,6053; reference:bugtraq,7445; reference:cve,2002-1539; reference:nessus,11570; classtype:misc-attack; sid:2121; rev:14;)
    SCADA rules alert tcp $EXTERNAL_NET ANY -> $HOME_NET 20222 (msg:"SCADA CitectSCADA ODBC buffer overflow attempt"; flow:established,to_server; content:"|02 00 00 00 00|"; depth:9; byte_test:4,>=,225,0,relative; metadata:policy security-ips drop; reference:bugtraq,29634; reference:cve,2008-2639; reference:url,www.citect.com/index.php?option=com_content&task=view&id=1374&Itemid=223; classtype:attempted-admin; sid:14265; rev:4;)
    SMTP rules alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"SMTP Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt"; flow:to_server,established; content:"<iframe"; nocase; pcre:"/^\s*^\x3e*src\s*\x3d\s*\x22\x27^\x22\x27*javascript\x3a/iR"; metadata:policy security-ips drop; reference:bugtraq,16770; reference:cve,2006-0884; classtype:attempted-user; sid:16038; rev:4;)
    spyware-put rules alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SPYWARE-PUT Hijacker dropspam runtime detection - third party information collection"; flow:to_server,established; content:"/d/sr/?"; nocase; http_uri; content:"xargs="; nocase; http_uri; content:"yargs="; nocase; http_uri; content:"Referer|3A| "; nocase; http_header; content:"mysearch.dropspam.com/index.php?tpid="; nocase; http_header; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop; reference:url,www.spywareguide.com/product_show.php?id=2437; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453097437; classtype:misc-activity; sid:5938; rev:7;)
    voip rules alert tcp $EXTERNAL_NET any -> $SIP_SERVERS 2000 (msg:"VOIP-SKINNY-TCP Asterisk data length field overflow attempt"; flow:established,to_server; dsize:>992; byte_test:4,>,992,0,little; reference:bugtraq,20617; reference:cve,2006-5444; reference:url,www.exploit-db.com/exploits/2597; classtype:attempted-user; sid:12359; rev:7;)
    web cgi rules alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI HyperSeek hsx.cgi directory traversal attempt"; flow:to_server,established; content:"/hsx.cgi"; http_uri; content:"../../"; content:"%00"; distance:1; reference:bugtraq,2314; reference:cve,2001-0253; reference:nessus,10602; classtype:web-application-attack; sid:803; rev:17;)
    specific threats rules alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"SPECIFIC-THREATS Microsoft Windows GDI+ TIFF file parsing heap overflow attempt"; flow:to_client,established; flowbits:isset,file.tiff; file_data; content:"|01 00 01 00 01 00 01 00|"; within:8; distance:266; content:"|02 01 03 00 04 00 00 00 0A 01 00 00|"; content:"|06 01 03 00 01 00 00 00 05 00 00 00|"; distance:0; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:cve,2009-2502; reference:url,technet.microsoft.com/en-us/security/bulletin/MS09-062; classtype:attempted-user; sid:16184; rev:7;)
    SQL rules alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 139 (msg:"SQL sp_start_job - program execution"; flow:to_server,established; content:"s|00|p|00|_|00|s|00|t|00|a|00|r|00|t|00|_|00|j|00|o|00|b|00|"; depth:32; offset:32; nocase; classtype:attempted-user; sid:676; rev:8;)

The way forward always starts with a minimal test.
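A possible next step once the minimal test above prints the rule headers, given here as an added example that is not part of the original post: it keeps the same header regex, then pulls the sid and hex-encodes each content value. It assumes "converting them to hex" means hex-encoding the content payloads; the function names content_to_hex and parse_rule are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert one content value to a hex string. Text between |...| is already
# written as hex bytes; the rest is literal text. Backslash escapes in the
# literal part are not handled in this sketch.
sub content_to_hex {
    my ($content) = @_;
    my @parts = split /\|/, $content, -1;    # odd-numbered parts sit inside |...|
    my $hex   = '';
    for my $i ( 0 .. $#parts ) {
        if ( $i % 2 ) {
            ( my $bytes = $parts[$i] ) =~ s/\s+//g;
            die "bad hex block in content '$content'\n"
                unless $bytes =~ /^(?:[0-9A-Fa-f]{2})*$/;
            $hex .= lc $bytes;
        }
        else {
            $hex .= unpack 'H*', $parts[$i];
        }
    }
    return $hex;
}

# Split a "<label> <rule header> (options)" line; hex-encode each content value.
sub parse_rule {
    my ($line) = @_;
    my ( $header, $body ) = $line =~ m/^([^(]+)\((.*)\)\s*$/ or return;
    my ($sid)    = $body =~ /\bsid:\s*(\d+)\s*;/;
    my @contents = $body =~ /\bcontent:\s*!?\s*"([^"]*)"/g;
    my %rule = ( header => $header, sid => $sid,
                 hex    => [ map { content_to_hex($_) } @contents ] );
    return \%rule;
}

# Constructed sample: two rules from the data above with their options shortened.
my @lines = split /\n/, <<'END';
cmp rule alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP ISS Pinger"; itype:8; content:"ISSPNGRQ"; depth:32; sid:465; rev:6;)
spyware-put rules alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SPYWARE-PUT Hijacker"; content:"Referer|3A| "; nocase; http_header; sid:5938; rev:7;)
END

for my $line (@lines) {
    my $rule = parse_rule($line);
    if ( !$rule ) { warn "no rule found in: $line\n"; next; }
    printf "sid %s: %s\n", $rule->{sid} // '?', join ' ', @{ $rule->{hex} };
}
```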

Re^2: File handling - Reading 10 Snort rules from text file,converting them to hex, and storing onto another text file
by edison.pioneer (Initiate) on Jul 24, 2015 at 08:37 UTC
    Yes, the line numbers I purposefully added in the text file so as to easily distinguish.