comment on

This started out as a way to help a friend out with a project and quickly morphed in to a desire to learn a whole lot more about perl, but right at the moment my brain's hurting and feeling bruised from all the wall-induced blunt trauma.

Basically, there's a log file that's going to be dumped from a network monitoring tool which will be updating in real time. The objective is to read the logfile every 30 seconds (or even better when it's updated) and use the win32::GUI module to display the IP addresses in an alert window.

There are several problems, just begining to work out various ways to control when the loop repeats looking for new events was painful but I stumbled upon the idea of using the file data and comparing the modified time to the system time, so that's in there.

The other big problem is that it will only display one alert window and then just runs indefinitely without giving out any other perls of wisdom.

The third potential issue (if I get that far) is to make sure that it doesn't re-notify about events that have been previously noted. Deleting the events as the window occurs is an acceptable solution as I can generate two copies of the log file.

Now I'm going to include The various mashups of code and a few few events from the text file.

code snippet 1:

use warnings;
use Win32::GUI();
use Win32::Sound;

while(1)
{
 $filename="log2.txt";
 open(TXT, $filename)||die("Could not open file!");
 @filedata = <TXT>;
 close(TXT);

 @alert = qw(a b c);
 $i=0;

 foreach $element (@filedata)
 {
     if($element =~ /(\s+)(\d{1,4})(\.\d{1,4}){3}(\s+)/)
     {
       $datetime = localtime();
       $alert[$i] = new Win32::GUI::Window(-name => 'Alert', -width =>
+ 500, -height => 200);
       $font = Win32::GUI::Font -> new(-name => "Arial", size => 46, -
+bold => 1);
       $alert[$i] -> AddLabel(-text => $datetime, -font => $font);
       $alert[$i] -> AddLabel(-text => $element, -font => $font, -top 
+=> 50);
       $alert[$i] -> AddButton(-name => "CloseButton", -text => "OK", 
+-pos => [ 200, 100 ]);
       Win32::Sound::Play("SystemExclamation");
       $alert[$i] -> Show();
       Win32::GUI::Dialog();
       ++$i;

       sub CloseButton_Click { $alert[$i] -> Hide(); }
       sub Alert_Terminate{ -1; }
       #open out, ">$filename";
     }
 }
}
[download]

this was my starting point but it doesn't display more than one window, it's just stuck in a loop.
snippet 2:

use warnings;
use Win32::GUI();
use Win32::Sound;

# Update interval in seconds
$interval = 30;

# current time
$now = time;

#if the file exists, get it's properties
if ( -f "log2.txt") {
$lastUpdate = (stat("log2.txt"))[9];
$difference = $now - $lastUpdate;
}

while ($difference > $interval)
{
 $filename="log2.txt";
 open(TXT, $filename)||die("Could not open file!");
 @filedata = <TXT>;
 close(TXT);


 @alert = qw(a b c);
 $i=0;
 
 $datetime = localtime();
 
 $alert = new Win32::GUI::Window(
      -left   => 341,
      -top    => 218,
      -width  => 500,
      -height => 200,
      -name   => "alert",
      -text   => "alert window"
      );

$font = Win32::GUI::Font -> new(
        -name => "Arial", size => 46,
        -bold => 1);

$alert[$i] -> AddLabel(
        -text => $datetime,
        -font => $font);

$alert[$i] -> AddLabel(
        -text => $element,
        -font => $font, -top => 50);

$alert->AddButton(
       -text    => "OK",
       -name    => "CloseButton",
       -left    => 200,
       -top     => 100,
      );

Win32::Sound::Play("SystemExclamation");

$alert[$i] -> Show();
       Win32::GUI::Dialog();
       ++$i;

 sub CloseButton_Click { $alert[$i] -> Hide(); }
 sub Alert_Terminate{ -1; }
 
 foreach ($element =~ /(\s+)(\d{1,4})(\.\d{1,4}){3}(\s+)/)
 {&show_win
 }
}
[download]

I realize there are gapping holes in this logic, but I'm tired and I need to go to bed, so that's what I have so far and I'll fall on my knees and praise anyone who can help get me sorted out.

and finally log2.txt:

Time: 10/31-13:36:10.802641 
event_ref: 0
192.168.0.203 -> 208.16.3.7 (portscan) TCP Portsweep
Priority Count: 5
Connection Count: 8
IP Count: 13
Scanned IP Range: 208.16.3.2:208.16.3.9
Port/Proto Count: 3
Port/Proto Range: 22:3389

Time: 10/31-13:37:58.075795 
event_ref: 0
192.168.0.203 -> 208.16.3.4 (portscan) TCP Portsweep
Priority Count: 5
Connection Count: 9
IP Count: 13
Scanned IP Range: 208.16.3.2:208.16.3.9
Port/Proto Count: 3
Port/Proto Range: 25:3389

Time: 10/31-13:38:10.031849 
event_ref: 0
192.168.0.203 -> 208.16.3.9 (portscan) ICMP Sweep
Priority Count: 5
Connection Count: 13
IP Count: 12
Scanned IP Range: 208.16.3.2:208.16.3.10
Port/Proto Count: 0
Port/Proto Range: 0:0

Time: 10/31-13:38:10.032141 
event_ref: 0
192.168.0.203 -> 208.16.3.7 (portscan) TCP Portscan
Priority Count: 5
Connection Count: 6
IP Count: 1
Scanner IP Range: 192.168.0.203:192.168.0.203
Port/Proto Count: 7
Port/Proto Range: 21:3389
[download]

There're about 500 entries in the file I'm currently using for testing, but here're a few to play with and so you can see the format.

P.S. if I missed a bit of forum etiquette or write-up formatting I apologize and blame it on the lack of sleep and lack of experience on this forum. I accept full responsibility.

In reply to read from network security log file and display lines as alert boxes by whistler

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.