Here is a snip from the firewall log, of what I am attempting to extract from the log:03/13/03 16:44:56 kernel Temporarily blocking host 212.241.116.21 03/13/03 16:44:57 firewalld[103] deny in eth0 48 tcp 20 117 212.241.11 +6.21 209.126.xxx.xxx 4449 80 syn (LO-Proxied-HTTP)
This must mean that you are able somehow to read the logs: let's assume that you did so by opening the wgl-log file in some sort of editor (and not in a proprietary viewer).
There are strong chances then that the log is in (a variant of) ASCII and Perl will be able to read the log by opening a read-filehandle and inputting the log line-by-line through us of the <INPUT-FILEHANDLE> function.
If all log-lines start with a date-and-timestamp, you can extract all data following these and put it through some regular expressions to weed out the useless entries and keep the valuable ones, which you can then either output to another file, save in a database, calculate some statistics from or --in general-- mangle beyond all recognition to your (and Perl's) heart's content.
To parse the logfile, you might have a look at regexp-log, HTTPD-Log-Filter or Log-Detect. Even if you can't use these modules directly, they will certainly give you some good ideas on how to tackle your task!
CountZero
"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
In reply to Re: Extracting data from a firewall log
by CountZero
in thread Extracting data from a firewall log
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |