comment on

Wow, thank you all for the pointers! I've got a lot to learn but you've all provided some very valuable information. That is only one part of the process I have to accomplish. I'll be working on it over the weekend and will update this post with any changes and provide a solution when I do succeed.

Rest of the flow is as such:

-> Grab sessionID from auth log which is in the rough format: 20120921 10:04:02.162 LOGIN_FAIL username sessionid -> With that sessionID, parse message log file for: 20120921 10:04:02.162 AUTHREQ referer sessionid -> Sometimes there will be duplicate entries in message (i.e. same sessionID, different time, potentially different referer). If there are duplicates, I want to parse the time to find the one which is closest in time to the original auth event and then grab the referer from that, eventually counting the total per referer.

In reply to Re: Parsing Logs by mdotpl
in thread Parsing Logs by mdotpl

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.