Hello fellow Monks. I am sure there is a simple (and obvious) answer to this question that I am just overlooking. Thanx for any help you can give me would be great!

I threw together a script to scan through my linux message log to track the failed login attempts. I was trying to see which IP addresses were responsible for most of the attempts. (also which usernames were tried multiple times). I created a hash to store the IP address as the key and the times found as the count. How do I get the results sorted by frequency. I don't know how to sort by the value, and I can't make the count the key because it is not unique.

I tried pushing the result strings into an array which I can sort if the number is first, but that failed to sort properly since I can't use {$a<=>$b} because of the text! 
#!/usr/bin/perl -w
use strict;
my ($attempt,$failed)=(0,0);
my (%ip,%usr);
opendir(TEMP,'.') or die "I can't open the current directory.\n";
my @files=grep(/^messages/,readdir(TEMP));
closedir(TEMP);
foreach my $file (@files)
    {
    print "Found $file\n";
    &check($file);
    }
print "Found $attempt intrustion attempts.\n";    
print "Found ($failed) failed matches.\n";
foreach my $key (keys(%ip))
    {
    print "Found $ip{$key} attempts from $key\n";
    }
foreach my $key (keys(%usr))
    {
    print "Found $usr{$key} attempts for  $key.\n";
    }
    
            
sub check
    {
    my $file=shift;
    open(LOG,"<$file") or die "Can't open $file\n";
    while (<LOG>)
        {
        next if $_!~m/Failed/;
        $attempt++;
        my ($username,$ip_no)=$_=~/Failed .* for (?:illegal user )?(\w
++-?\w*) from ::[a-f0-9]{4}:(\d+\.\d+\.\d+\.\d+)/;
        if ((defined($username))&&(defined($ip_no)))
            {
            $ip{$ip_no}++;
            $usr{$username}++;
            }
        else {$failed++;    }
        }
    close(LOG);
    }

[download]

What obvious solution am I missing?


-Kevin 
my $a='62696c6c77667269656e6440676d61696c2e636f6d';
while ($a=~m/(^.{2})/s)
{print unpack('A',pack('H*',"$1"));$a=~s/^.{2}//s;}

[download]

In reply to Sorting hash values by K_M_McMahon

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.