in reply to Re: Help with Snort and File::Tail
in thread Help with Snort and File::Tail

Another probably stupid question.... What is the process_alert(\alert) if @alert;? Is this not a subroutine? Can I just do

sub process{ my @array = @_; }

Re^3: Help with Snort and File::Tail
by runrig (Abbot) on Jun 22, 2011 at 15:16 UTC
    Yes, you can do that. ikegami's code passed a reference to the array, which is better if the array is large, or necessary if you are passing multiple arguments (e.g. multiple arrays) to a function. I'm not sure it matters here. And then the sub would be something like:
    sub process {
        my $alert = shift;
        print "$_" for @$alert;
        # Or (since I'm not sure what you're doing with this)
        for my $line (@$alert) {
            # process $line of alert
        }
    }
    If you're asking about the 'if @alert' part, then that's just like:
    if (@alert) { process(@alert) }
    and the array (@alert) is true in boolean context if it contains any elements (false if it has zero, of course).
      Ahhh, I see. That was very helpful. Thank you. Would this add to the end of an output file if at the end of my sub I just do like "print WRITEFILE xxxx"? When I ran the Perl script on the same document twice (before I implemented this File::Tail stuff), the 2nd time it overwrote the first part in WRITEFILE. How can I ensure every new alert gets added to the end of the output file rather than the most recent alert overwriting the older ones?
        Perhaps you need to open the file in append mode:
        open(my $fh, ">>", $filename) or die "Err opening $filename: $!";
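
An added example, not code from any poster in this thread, that puts the three points above together: collecting lines into one alert, calling the sub with an array reference only when the array is non-empty, and appending each alert to the output file. The sample lines, the blank-line separator between alerts, and the output path `alerts_out.txt` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);

# Constructed sample input: two alert blocks separated by a blank line,
# standing in for lines that would arrive from the tailed alert file.
my @lines = (
    "[**] [1:1000001:1] Constructed test alert A [**]\n",
    "06/22-15:16:01.000000 192.0.2.10:1234 -> 192.0.2.20:80\n",
    "\n",
    "[**] [1:1000002:1] Constructed test alert B [**]\n",
    "06/22-15:16:05.000000 192.0.2.11:4321 -> 192.0.2.20:22\n",
);

my $outfile = "alerts_out.txt";    # hypothetical output path

# Receives a reference to the array of lines making up one alert.
sub process_alert {
    my ($alert) = @_;

    my @fields = @$alert;          # copy, so the caller's array is untouched
    chomp @fields;

    # ">>" opens for append: alerts written earlier are kept, not truncated.
    open(my $fh, ">>", $outfile) or die "Err opening $outfile: $!";
    flock($fh, LOCK_EX) or die "Cannot lock $outfile: $!";
    print {$fh} join(" | ", @fields), "\n";
    close($fh) or die "Err closing $outfile: $!";   # also releases the lock
}

my @alert;
for my $line (@lines) {
    if ($line =~ /\S/) {
        push @alert, $line;                 # still inside the current alert
    }
    else {
        process_alert(\@alert) if @alert;   # blank line ends an alert
        @alert = ();
    }
}
process_alert(\@alert) if @alert;           # flush the last alert, if any
```

Running the script twice leaves four lines in `alerts_out.txt`; with ">" in place of ">>" each call would truncate the file and only the last alert would remain.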