There are two stages, firstly going through the data and building a hash, the keys of which are all the unique combination of src_ip, dest_ip, and port. This key's value is incremented each time it's found, and so the value of the hash key forms our count value.
Then it's just a case of going through the keys, spliting them apart so we can join them in the correct format, and printing the count value.
If you were going to do anything more complicated than this then you should probably store your data in a hash of hash format, rather than my mangled string example, but I had to leave you with something to do :)
anyway, here's the code...
my $delim = "DELIM"; my %access_count; while (<DATA>) { my $access_string = join($delim, ($_ =~ m/(\d+\.\d+\.\d+\.\d+).*?( +\d+\.\d+\.\d+\.\d+)\s(\d+)/)); print "$access_string\n"; $access_count{$access_string}++; } foreach my $access_string (sort keys %access_count) { print join(' - ', (split /$delim/, $access_string), "[$access_count{$access_string}]" ) . "\n"; } __DATA__ %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 3.3.3.3 53 +by access-group inside_access_in %PIX-4-106023 Deny tcp src inside 1.1.1.1 1637 dst outside 4.4.4.4 80 +by access-group inside_access_in %PIX-4-106023 Deny tcp src inside 1.1.1.1 2519 dst outside 4.4.4.4 80 +by access-group inside_access_in %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 7.7.7.7 53 +by access-group inside_access_in %PIX-4-106023 Deny tcp src inside 1.1.1.1 2519 dst outside 9.9.9.9 80 +by access-group inside_access_in %PIX-4-106023 Deny udp src inside 1.1.1.1 1161 dst outside 9.9.9.9 443 + by access-group inside_access_in
In reply to Re: looping through an array
by reasonablekeith
in thread looping through an array
by Secode
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |