I do from time to time code one-shot programs. Perl is the perfect language for this, as it gives me powerful functions to do what I need (whether it's changing a few lines, calculating a string transformation or extracting useful lines).

As others noted, the problem is in how these tools will evolve over time... But you get to solve your present problem now. If you discover it's a larger problem, you can always go back to the keyboard and start to think about a more general purpose program.

For example, here is a one-shot done this afternoon in a quick session, that is aimed at extracting lines from a special text export of FireWall-1 logs... The only goal was to be a little faster than the FireWall-1 log tool for problem investigation. And to use simple (and regular) expressions to match lines.

    #!/usr/bin/perl -w
    use strict;

    # the various fields
    my @field = qw/id date time if fw type action service src dst proto rule sport reason/;
    my $i = 0;
    my %field = map { ($_, $i++) } @field;

    # create the filter
    my %filtre = (@ARGV);
    my @filtre;
    while (my ($k, $v) = each %filtre) {    # better use a while than a for loop
        push @filtre, '$data['.$field{$k}."]=~m/$v/i";
    }
    my $filtre = join ' && ', @filtre;

    # open the file
    my $file = "fw01.log";
    open F, $file or die "Error: $file $!\n";
    $\ = "\n";
    print join "--\t--", @field;
    while (<F>) {
        my @data = (/"(.*?)"/g);
        print join "\t", @data if eval $filtre;
    }

It has -w and use strict;, but the filename is hardcoded and the file is not closed! I translated the comments from French, but they were here from the start. And the most important ones are missing... because the filter creation process was clear to me!

This ugly script allows for nice combinations, like:

    match.pl src 10.1.1.5 action drop service "^23|telnet"

which will show all telnet connections to 10.1.1.5 that were dropped by the firewall.

If I had to write a bigger and more general purpose script, I'd probably use closures to create filter subroutines...

Update: Quick and dirty scripts can be very ugly... This one for example had a bug that prevents you from using several conditions... each should not be used in a for, but in a while loop.


In reply to Re: Reactionary Coding—One-Shot Programs by BooK
in thread Reactionary Coding—One-Shot Programs by John M. Dlugosz
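
The closure-based filters the post mentions for a bigger script, as an added example that is not part of the original post: each field/pattern pair is compiled with qr// into a subroutine instead of being interpolated into a string passed to eval, so command-line arguments are never run as Perl code. The build_filter name and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field order of the export, as listed in the post's script.
my @field = qw/id date time if fw type action service src dst proto rule sport reason/;
my %index;
@index{@field} = (0 .. $#field);

# Build one closure per (field, pattern) pair. The pattern is compiled with
# qr//, so it is only ever matched as a regex, never evaluated as Perl source;
# Perl also rejects (?{ ... }) code blocks in interpolated patterns unless
# "use re 'eval'" is in effect. The block eval below only traps bad regexes.
sub build_filter {
    my @pairs = @_;
    die "usage: $0 field pattern [field pattern ...]\n" if @pairs % 2;
    my @tests;
    while (my ($name, $pattern) = splice @pairs, 0, 2) {
        die "unknown field '$name'\n" unless exists $index{$name};
        my $re = eval { qr/$pattern/i } or die "bad pattern for $name: $@";
        my $i  = $index{$name};
        push @tests, sub { defined $_[0][$i] && $_[0][$i] =~ $re };
    }
    # A record passes when every test passes.
    return sub {
        my ($rec) = @_;
        for my $test (@tests) { return 0 unless $test->($rec) }
        return 1;
    };
}

# Constructed sample records (not real logs). Record 3 shows that the
# unanchored pattern 10.1.1.5 also matches the address 10.1.1.50.
my @sample = (
    '"1" "12Mar2002" "14:02:11" "eth0" "fw01" "log" "drop" "telnet" "10.1.1.5" "192.0.2.7" "tcp" "12" "40311" ""',
    '"2" "12Mar2002" "14:02:15" "eth0" "fw01" "log" "accept" "http" "10.1.1.5" "192.0.2.7" "tcp" "4" "40312" ""',
    '"3" "12Mar2002" "14:03:40" "eth0" "fw01" "log" "drop" "23" "10.1.1.50" "192.0.2.7" "tcp" "12" "40350" ""',
    '"4" "12Mar2002" "14:04:02" "eth0" "fw01" "log" "drop" "telnet" "192.0.2.9" "192.0.2.7" "tcp" "12" "40377" ""',
);

# Default to the filter from the post's example when no arguments are given.
my @args  = @ARGV ? @ARGV : (src => '10.1.1.5', action => 'drop', service => '^23|telnet');
my $match = build_filter(@args);

print join("\t", @field), "\n";
for my $line (@sample) {
    my @data = $line =~ /"(.*?)"/g;
    print join("\t", @data), "\n" if $match->(\@data);
}
```

Because the pairs are consumed in order with splice rather than through a hash, the same field can be tested more than once, and an unknown field name or an invalid pattern stops the script with a message instead of silently matching nothing.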
