in reply to parse a log file

first off, can you post some data, so we know what you're reading in?

looking at your script, there are a few things that could be improved upon.
~you're using warnings twice, with perl -w, and use warnings. you don't need both.
~why is use strict commented out?
~this is confusing~

    #Look only at the summary lines where $_ == 560
    while (defined ($_ = <FILE>)) {
        next unless ($_ =~ /560/); #we only want the files with 560
        $_ =~ s/`/,/g; #this is here to get the user name because ' is after name
        @x=split(/,/);
        if (!($x[16] =~ /Primary User Name: CISERFS1/)) { #don't want the details from the system
probably it's better to split first, then search on the filename field, otherwise you may run into a year 2560 bug ;)
something like
    #Look only at the summary lines where $x[???] contains '560'
    while (<FILE>) {
        @x=split /,|`/;
        next unless ($x[???] =~ /560/); #we only want the files with 560
        unless($x[16] =~ /Primary User Name: CISERFS1/) { #don't want the details from the system
~also, you are assigning temporary variables, but i don't see a real need, if you're only printing them.
try print OUTPUT "$x[1] $x[2] $x[12] $x[16] \n";

~Particle

Re: Re: parse a log file
by Anonymous Monk on Jul 03, 2001 at 21:53 UTC
    ORIGINAL INPUT:
    SEC,6/21/2001,11:48:01,Security,560,Success,Object Access ,S-1-5-21-583907252-1958367476-682003330-1001,CISERFS1,Object Open:^` Object Server: Security^` Object Type: File^` Object Name: \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2\CISER\Tank\compressed\cret\003\ret72.mdse4.gz^` New Handle ID: 2760^` Operation ID: {0 3914260}^` Process ID: 1056^` Primary User Name: CISERFS1$^` Primary Domain: CTC_ITH^` Primary Logon ID: (0x0 0x3E7)^` Client User Name: IUSR_CISERFS1^` Client Domain: CISERFS1^` Client Logon ID: (0x0 0x2E1741)^` Accesses READ_CONTROL ^` SYNCHRONIZE ^` ReadData (or ListDirectory) ^` ReadEA ^` ReadAttributes ^` ^` Privileges -^`
      okay, i won't give it all away, but here's a good start.

      while(<FILE>) {
          my @x = split /,|\^`/;
          next unless ($x[4] =~ /560/); #we only want the files with 560
          print join("\n",@x), "\n"; # debugging print line - remove in production
          unless($x[16] =~ /Primary User Name: CISERFS1/) { #only match this case
              print OUTPUT "$x[1] $x[2] $x[12] $x[16] \n"; # or whatever
          } # unless
      } # while
      by the way, you should get a login, so we know who you are when you come back!

      ~Particle

      Update: i guess i forgot about the '\' parsing, but i'm not sure just what you want to do. you can split on /\\/, and return the fields you want, put together with join "\\", much like i did in the debug print statement.
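
An added example, not part of either post above: one way to carry the split-first advice through, so that the event ID is compared as a field and the "Key: value" details are looked up by name instead of by position. The sample records are constructed from the posted line (shortened SID and paths, and a made-up account `jdoe`), and `parse_record` is a hypothetical helper.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed records modelled on the line posted above.
my @lines = (
    # Event 560 by a user account, with a comma inside the path: reported.
    'SEC,6/21/2001,11:48:01,Security,560,Success,Object Access ,S-1-5-21-0-0-0-1001,CISERFS1,'
      . 'Object Open:^` Object Type: File^` Object Name: \Device\Tank\a,b.gz^`'
      . ' Primary User Name: jdoe^`',
    # Event 560 by the server's own account: filtered out, as in the thread.
    'SEC,6/21/2001,11:48:02,Security,560,Success,Object Access ,S-1-5-21-0-0-0-1001,CISERFS1,'
      . 'Object Open:^` Object Type: File^` Object Name: \Device\Tank\c.gz^`'
      . ' Primary User Name: CISERFS1$^`',
    # Event 562 whose handle ID contains "560": a whole-line /560/ would match it.
    'SEC,6/21/2001,11:48:03,Security,562,Success,Object Access ,S-1-5-21-0-0-0-1001,CISERFS1,'
      . 'Handle Closed:^` Object Server: Security^` Handle ID: 25600^`',
);

# Split one record into its fixed header fields and a hash of
# "Key: value" details taken from the ^`-separated description.
sub parse_record {
    my ($line) = @_;
    chomp $line;
    # Limit 10: fields 0..8 are the header, field 9 is the free-text tail,
    # so commas inside a path cannot shift the indexes.
    my @head = split /,/, $line, 10;
    return unless @head == 10;
    my %detail;
    for my $part (split /\^`/, $head[9]) {
        # Parts without a value ("Object Open:") do not match and are skipped.
        my ($key, $value) = $part =~ /^\s*([^:]+?):\s+(.*?)\s*$/ or next;
        $detail{$key} = $value;
    }
    return { date => $head[1], time => $head[2], event => $head[4], detail => \%detail };
}

for my $line (@lines) {
    my $rec = parse_record($line) or next;
    next unless $rec->{event} eq '560';    # exact match on the event ID field
    my $d = $rec->{detail};
    # Same filter as the thread: drop the server's own account.
    next if ($d->{'Primary User Name'} // '') =~ /^CISERFS1\$?$/;
    print join(' | ', @{$rec}{qw(date time)}, $d->{'Object Name'} // '-'), "\n";
}
```

Only the first record is printed; the `//` operator needs Perl 5.10 or later.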