perl log search

zac_carl has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks

I have a simple search to make through a log.

[2011-04-16 HH:mm:ss,xyz] conn=1000000 fd=0 slot=0 connection from d1.
+d2.d3.d4 to x1.x2.x3.x4 port xyzq
[2011-04-16 HH:mm:ss,xyz] conn=1000000 op=0 BIND dn="" method=0 versio
+n=3
[2011-04-16 HH:mm:ss,xyz] conn=1000000 op=0 RESULT err=0 tag=0 nentrie
+s=0 etime=0
[download]

From the above text i have to find all the ip address of the format x1.x2.x3.x4 which have same connection number(conn=1000000) as the one with text /op=0 BIND dn=""/

What would be the fatest way to do this ?

I dont like the idea of saving the all connection numbers(e.g conn=1000000) with matched text /op=0 BIND dn=""/ and search the whole log again for ip address that matches the connection number

Thanks for help

Comment on perl log search Download Code

Replies are listed 'Best First'.
Re: perl log search by NetWallah (Canon) on Jun 04, 2011 at 05:40 UTC
This should get you started (untested): `use strict; use warnings; my %conn; while(<>){ next unless my ($c) = m/conn=(\d+)\s/; m/ connection from ([\d\.]+) to ([\d\.]+) port (\d+)/ and do{ $conn{$c}{FROM}=$1; $conn{$c}{TO} =$2; $conn{$c}{PORT}=$3; next; }; m/BIND dn="([^"])"/ and do{ $conn{$c}{BINDDN}=$1; next; } } for (sort keys %conn){ print "Connection $_ $conn{$_}{FROM} -> $conn{$_}{TO} \[$conn{$_}{P +ORT}\] DN=$conn{$_}{BINDDN};\n"; }` [download] Update:*Fixed typo for $2, and added print logic. Update2: Fixed syntax (Missing semicolon), and allowed for empty DN "XML is like violence: if it doesn't solve your problem, use more."	[reply] [d/l]
Re: perl log search by jffry (Hermit) on Jun 03, 2011 at 23:25 UTC
It is very hard to read your post. Read this. But most importantly, put `<c>` before your log file output, and `</c>` afterwards. Like this: <c> Your log file lines go here. </c>	[reply]
Re^2: perl log search by zac_carl (Acolyte) on Jun 04, 2011 at 01:49 UTC
Sorry for the trouble .I just changed the format.	[reply]
Re: perl log search by zac_carl (Acolyte) on Jun 03, 2011 at 21:27 UTC
`[2011-04-16 HH:mm:ss,xyz] conn=1000000 fd=0 slot=0 connection from d1. +d2.d3.d4 to x1.x2.x3.x4 port xyzq "\n" [2011-04-16 HH:mm:ss,xyz] conn=1000000 op=0 BIND dn="" method=0 versio +n=3 "\n" [2011-04-16 HH:mm:ss,xyz] conn=1000000 op=0 RESULT err=0 tag=0 nentrie +s=0 etime=0 "\n" Text to search` [download]	[reply] [d/l]