Hi ccrash,
Here's the code. But I don't know what it means. I only understand that it is checking whether the entry would have something like IP Address as above. But does it pass the IP address to the $srcip variables?

my ($srcip) = $whole_event_string =~ /^(\d+\.\d+\.\d+\.\d+)/;

Yes, it does. Your code is using a regular expression to find a pattern that looks like an IP address. Before telling you how it does it, I recommend you have a look at the Perl documentation on regular expressions. In your particular case, the variable $whole_event_string holds the log entries. Every log entry is analysed to see whether it has a pattern that begins (that is the meaning of the ^ symbol) with the following sequence of characters:

\d+   one or more digits
\.    a dot
\d+   one or more digits
\.    a dot
\d+   one or more digits
\.    a dot
\d+   one or more digits

If there is a match, that sequence of characters is assigned to the variable $srcip.
The following code illustrates what I just described:

#!/usr/bin/perl
use strict;
use warnings;

# Read each sample log entry from the __DATA__ section below
while (defined (my $whole_event_string = <DATA>)) {
    # Capture the dotted sequence of digits at the start of the entry
    my ($srcip) = $whole_event_string =~ /^(\d+\.\d+\.\d+\.\d+)/;
    print "\$srcip = $srcip\n";
}
__DATA__
1.2.3.4 - Unauth [09/Oct/2003: 10:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
2.3.4.5 - Unauth [09/Oct/2004: 11:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
3.4.5.6 - Unauth [09/Oct/2005: 12:12:06 -0700] "GET / HTTP/1.1" 200 19 +79
4.5.6.7 - Unauth [09/Oct/2006: 13:12:06 -0700] "GET / HTTP/1.1" 200 19 +79

If you try it, the output should be:
$srcip = 1.2.3.4
$srcip = 2.3.4.5
$srcip = 3.4.5.6
$srcip = 4.5.6.7
I hope this helps
lin0
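
The pattern explained in the post above accepts any four dot-separated runs of digits, so a log entry that starts with 999.300.1.2 would also be captured as a source IP. The following is an added example, not part of the original post: a stricter extraction that checks each octet before the value is used for anything like blocking or correlation. The sub name extract_srcip and the sample entries are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): return the IPv4 address at the
# start of a log entry, or undef if the entry does not begin with a valid one.
sub extract_srcip {
    my ($entry) = @_;

    # Capture four octets of 1-3 ASCII digits each. The lookahead refuses a
    # trailing digit or dot, so "1.2.3.4567" and "1.2.3.4.5" do not match.
    my @octets = $entry =~
        /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(?![0-9.])/
        or return;

    for my $octet (@octets) {
        return if $octet > 255;          # out of range for an IPv4 octet
        return if $octet =~ /\A0[0-9]/;  # leading zero: some parsers read it as octal
    }
    return join '.', @octets;
}

# Constructed sample entries: one valid address and four that the looser
# pattern /^(\d+\.\d+\.\d+\.\d+)/ would either accept or partially capture.
while (defined(my $whole_event_string = <DATA>)) {
    chomp $whole_event_string;
    my $srcip = extract_srcip($whole_event_string);
    if (defined $srcip) {
        print "accepted  \$srcip = $srcip\n";
    }
    else {
        print "rejected  $whole_event_string\n";
    }
}
__DATA__
1.2.3.4 - Unauth [09/Oct/2003:10:12:06 -0700] "GET / HTTP/1.1" 200 1979
999.300.1.2 - Unauth [09/Oct/2003:10:12:07 -0700] "GET / HTTP/1.1" 200 1979
010.1.1.1 - Unauth [09/Oct/2003:10:12:08 -0700] "GET / HTTP/1.1" 200 1979
1.2.3.4567 - Unauth [09/Oct/2003:10:12:09 -0700] "GET / HTTP/1.1" 200 1979
host.example - Unauth [09/Oct/2003:10:12:10 -0700] "GET / HTTP/1.1" 200 1979
```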