in reply to Parsing a log file
However, if you don't have control of the data, you'll just have to take a stab. With the assumption that the first four fields don't have spaces in them, and that the key/value data that follows doesn't have any '='s in the data, then you could do something like this...
```perl
#!/usr/bin/perl
use Data::Dumper;

while(<DATA>) {
    chomp;
    # The first four whitespace-separated fields are fixed; the rest is key=value data.
    my ($log_date, $log_time, $something, $ip_address, $keyed_data_string ) = split /\s+/, $_, 5;
    my %keyed_data_hash;
    # Peel the last key=value pair off the end of the string until nothing matches.
    while( $keyed_data_string =~ s/\s*(\w+)=\s*([^=]*)$/ $keyed_data_hash{$1} = $2; ''/xsge) { 1 }
    print Dumper($log_date, $log_time, $something, $ip_address, \%keyed_data_hash);
}
__DATA__
2007-11-16 16:05:40 Local1.Alert 128.2.2.40 id=firewall time="2007-11-16 16:03:37" fw=WS2000-Store 02 pri=1 proto=6(tcp) src=128.2.2.200 dst=128.2.100.106 mid= 1013 mtp= 2 msg=TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w agent=Firewall
```

... which works by pulling off the easy four first fields, and then works from the end of the rest of the data, creating a key pair hash.

OUTPUT

```
$VAR1 = '2007-11-16';
$VAR2 = '16:05:40';
$VAR3 = 'Local1.Alert';
$VAR4 = '128.2.2.40';
$VAR5 = {
          'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w',
          'proto' => '6(tcp)',
          'time' => '"2007-11-16 16:03:37"',
          'src' => '128.2.2.200',
          'mtp' => '2',
          'mid' => '1013',
          'fw' => 'WS2000-Store 02',
          'agent' => 'Firewall',
          'id' => 'firewall',
          'pri' => '1',
          'dst' => '128.2.100.106'
        };
```
It's pretty ugly, but with your data, I don't see a way around it.
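
An added example, not part of the original reply: the same four-field split, but the key/value tail is parsed left to right and each line is checked against the "no '=' inside a value" assumption instead of trusting it. The list of expected keys (taken from the sample line) and the second DATA line are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the expected keys are just those seen in the sample line above.
my %known = map { $_ => 1 } qw(id time fw pri proto src dst mid mtp msg agent);

sub parse_line {
    my ($line) = @_;
    my ($date, $time, $tag, $host, $rest) = split /\s+/, $line, 5;
    return (undef, ['fewer than five fields']) unless defined $rest;

    my (%kv, @warn);
    # Value = a double-quoted string, or the shortest text that runs up to
    # the next " word=" boundary (or to end of line).
    while ($rest =~ /\G\s*(\w+)=("[^"]*"|.*?)(?=\s+\w+=|\s*$)/gc) {
        my ($k, $v) = ($1, $2);
        $v =~ s/^\s+//;                        # "mid= 1013" -> "1013"
        # An unexpected or repeated key means some value contained "word=".
        push @warn, "unknown key '$k'" unless $known{$k};
        if (exists $kv{$k}) { push @warn, "duplicate key '$k'"; next }
        $kv{$k} = $v;                          # first occurrence wins
    }
    my $left = substr($rest, pos($rest) // 0);
    push @warn, 'unparsed text in key/value tail' if $left =~ /\S/;

    return ({ date => $date, time => $time, tag => $tag, host => $host,
              data => \%kv }, \@warn);
}

while (my $line = <DATA>) {
    chomp $line;
    next if $line =~ /^#/;                     # labels inside the sample data
    my ($rec, $warn) = parse_line($line);
    printf "%s src=%s warnings=[%s]\n",
        $rec ? "$rec->{date} $rec->{time}" : 'unparsed',
        $rec ? $rec->{data}{src} // '-' : '-',
        join '; ', @$warn;
}
__DATA__
# line from the post
2007-11-16 16:05:40 Local1.Alert 128.2.2.40 id=firewall time="2007-11-16 16:03:37" fw=WS2000-Store 02 pri=1 proto=6(tcp) src=128.2.2.200 dst=128.2.100.106 mid= 1013 mtp= 2 msg=TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w agent=Firewall
# constructed line: the msg text itself contains "word=" sequences
2007-11-16 16:06:02 Local1.Alert 128.2.2.40 id=firewall pri=1 src=128.2.2.200 dst=128.2.100.106 msg=rejected request user=guest src=10.9.9.9 agent=Firewall
```

Lines that come back with warnings are the ones where the parsed fields cannot be trusted as written and are worth routing to a review queue rather than straight into reports.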