Greetings (Monks){

Thanks very much to all those who helped me with my first question.

I have progressed somewhat with my PIX syslog project and am learning a lot, but I am up against a new challenge: how do I get my results to look like the following:

src ipaddress - dest ipaddress - port - number of times of occurrence

from the results below

    %PIX-4-106023 Deny tcp src inside 1.1.1.1 1637 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 1.1.1.1 2519 dst outside 4.4.4.4 80 by access-group inside_access_in

would look like:

1.1.1.1 4.4.4.4 80 2

My code looks like the following so far (excuse the newbie hacking, I am learning). I am using ActiveState Perl.

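    #!c:\perl\bin\perl
    use strict;
    use warnings;
    use Socket;

    open(INFILE, "<", "syslog.txt") or die "Cannot open syslog.txt: $!";
    # OUTFILE is opened (and truncated) but nothing is written to it yet;
    # the sorted lines are printed to STDOUT.
    open(OUTFILE, ">", "sorted4.txt") or die "Cannot open sorted4.txt: $!";

    my @input;
    while (<INFILE>) {
        my $line2 = $_;
        # Strip quotes; turn colons, commas and slashes into spaces.
        $line2 =~ s/"//g;
        $line2 =~ s/:/ /g;
        $line2 =~ s/,/ /g;
        $line2 =~ s/\// /g;
        # Keep only the part of the line from the %PIX tag onwards.
        my $pos = index($line2, '%PIX');
        next if $pos < 0;    # no %PIX tag on this line
        push @input, substr($line2, $pos);
    }

    # Prefix each line with the packed source and destination addresses
    # (4 bytes each), sort on that, then strip the 8-byte prefix again.
    my @in = map { substr($_, 8) }
        sort
        map {
            my ($src) = /src\D+([\d.]+)/;
            my $srcip = ($src && inet_aton($src)) || "\0\0\0\0";
            my ($dst) = /dst\D+([\d.]+)/;
            my $dstip = ($dst && inet_aton($dst)) || "\0\0\0\0";
            # Destination port: extracted but not used yet.
            my ($port) = $dst ? /\Q$dst\E\D+(\d+)/ : ();
            "$srcip$dstip$_";
        } @input;

    print @in;

    close(INFILE);
    close(OUTFILE);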

The output looks like this currently and is sorted by source IP and then by dst IP per source.

    %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 3.3.3.3 53 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 1.1.1.1 1637 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 1.1.1.1 2519 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 7.7.7.7 53 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 1.1.1.1 2519 dst outside 9.9.9.9 80 by access-group inside_access_in
    %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 9.9.9.9 443 by access-group inside_access_in
    %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 9.9.9.9 53 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 2.2.2.2 2605 dst outside 3.3.3.3 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 2.2.2.2 3944 dst outside 3.3.3.3 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 2.2.2.2 1263 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 2.2.2.2 2605 dst outside 7.7.7.7 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 2.2.2.2 3944 dst outside 7.7.7.7 80 by access-group inside_access_in
    %PIX-4-106023 Deny udp src inside 5.5.5.5 1047 dst outside 3.3.3.3 1433 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 5.5.5.5 1379 dst outside 6.6.6.6 443 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 5.5.5.5 1379 dst outside 6.6.6.6 80 by access-group inside_access_in
    %PIX-4-106023 Deny udp src inside 5.5.5.5 1047 dst outside 6.6.6.6 161 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 8.8.8.8 1263 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 8.8.8.8 2677 dst outside 6.6.6.6 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 10.10.10.10 1637 dst outside 4.4.4.4 80 by access-group inside_access_in
    %PIX-4-106023 Deny tcp src inside 10.10.10.10 2677 dst outside 6.6.6.6 80 by access-group inside_access_in

 thanks

Secode
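
One way to produce the "src dst port count" summary asked for above, as an added example that is not part of the original post: count each (source IP, destination IP, destination port) triple in a hash, keep any line that does not parse instead of dropping it, and sort the result numerically by address. The names `count_denies` and `sort_key` and the sample lines are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Constructed sample lines in the cleaned-up format shown in the post.
my @sample = map { "%PIX-4-106023 Deny $_ by access-group inside_access_in" } (
    'tcp src inside 1.1.1.1 1637 dst outside 4.4.4.4 80',
    'tcp src inside 1.1.1.1 2519 dst outside 4.4.4.4 80',
    'udp src inside 1.1.1.1 1161 dst outside 3.3.3.3 53',
    'tcp src inside 10.10.10.10 1637 dst outside 4.4.4.4 80',
    'tcp src inside 2.2.2.2 2605 dst outside 3.3.3.3 80',
    'tcp src inside 2.2.2.2 dst outside 3.3.3.3',    # constructed line with no ports
);

# Count denies per (source IP, destination IP, destination port).
# Returns (\%count, \@unparsed). The source port is ephemeral, so it is ignored.
sub count_denies {
    my (%count, @unparsed);
    for my $line (@_) {
        # src <if> <ip> <sport> dst <if> <ip> <dport>; the separators may be
        # spaces (as in the post's cleaned-up lines) or ':' and '/'.
        if ($line =~ m{\bsrc\s+[^\s:]+[\s:]+(\d+(?:\.\d+){3})[\s/]+\d+
                       \s+dst\s+[^\s:]+[\s:]+(\d+(?:\.\d+){3})[\s/]+(\d+)}x) {
            $count{"$1 $2 $3"}++;
        }
        else {
            push @unparsed, $line;    # keep it: never drop log lines silently
        }
    }
    return (\%count, \@unparsed);
}

# Binary sort key: packed source IP, packed destination IP, then the port,
# so that 2.2.2.2 sorts before 10.10.10.10 and port 53 before port 443.
sub sort_key {
    my ($src, $dst, $port) = split ' ', shift;
    return (inet_aton($src) || "\0\0\0\0")
         . (inet_aton($dst) || "\0\0\0\0")
         . pack('N', $port);
}

my ($count, $unparsed) = count_denies(@sample);
for my $key (sort { sort_key($a) cmp sort_key($b) } keys %$count) {
    print "$key $count->{$key}\n";
}
warn scalar(@$unparsed), " line(s) could not be parsed\n" if @$unparsed;
```

To run it against the real log, pass the lines read from syslog.txt to `count_denies` instead of `@sample`.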


In reply to looping through an array by Secode
