in reply to Re^5: Real time log parser
in thread Real time log parser

Sorry for such code, I'm just getting started with Perl and on perlmonks.org. So, this is the line that should be passed to the ban() script as is, if the regexp matches:

1325521875.165 93 127.0.0.1 TCP_MISS/302 667 GET http://www.google.co.uk/sorry/?continue=http://www.google.co.uk/search%3Fq%3Just+an+axample - ROUNDROBIN_PARENT/proxy_218 text/html

my @cutoff = grep /proxy_/,@_;
s/ROUNDROBIN_PARENT\///g for @cutoff;
@cutoff = grep /@cutoff/,@cfg;

What should be left in @cutoff after the second line: proxy_218. In the third line the script must search squid.conf for strings with proxy_218, and it should find:

cache_peer 111.222.121.1 parent 60099 0 no-query no-digest originserver name=proxy_218 round-robin login=login:pass connect-timeout=3

cache_peer_access proxy_218 allow all

These lines must be moved to some file, and squid must be reloaded. I've executed my script like this:

# ./MY__SCRIPT.pl 1325521875.165 93 127.0.0.1 TCP_MISS/302 667 GET http://www.google.co.uk/sorry/?continue=http://www.google.co.uk/search%3Fq%3Just+an+axample - ROUNDROBIN_PARENT/proxy_218 text/html

Re^7: Real time log parser
by Eliya (Vicar) on Jan 02, 2012 at 22:51 UTC

    Your main problem is that you need to split the line you're passing to ban():

    m|/sorry/| && ban(split ' ', $_);

    With that input, your above three lines would start to make some sense.

    Thing is that, in contrast to command line arguments, a string you pass as one parameter to a subroutine is not automatically split.  I.e., when you say on the command line

    # ./script.pl foo bar baz

    you get the three words "foo", "bar", "baz" as separate elements in the array @ARGV (which I suppose you were using in the working command line version in place of @_). This is because the shell splits the command line on whitespace, before the arguments are placed in @ARGV.

    OTOH, when you pass "foo bar baz" as a single string to a subroutine, it is left as is, so the array @_ holds one element, which is the entire string.  In other words, after your grep for /proxy_/, you still have the entire string in @cutoff — and the rest of the code stops working...

    That said, you could also leave your ban($_) call as is, and simply extract the relevant part of the string with a regex capture:

    sub ban {
        my $line = shift;
        ...
        my ($proxy) = $line =~ m| - \S+/(proxy_\S+)|;
        my @cutoff = grep /$proxy/, @cfg;
        ...
      Thank you for all your efforts, it seems we've almost got it working. But there is one thing that bothers me now: the script works correctly, but only once. It can detect one event and even handle it correctly, but if a second event occurs, it doubles the squid.conf and grey.list files (it writes a second copy of squid.conf to the same file), and squid quits with an error. The weird thing is that the filehandles are opened for writing and not for appending, which means that any content should be overwritten with the new one. So I think the problem is in the @cfg array, it's getting doubled somehow.

      #!/usr/bin/perl
      # Squid reconfiguration script rev: 0.91
      #
      use File::Tail;

      sub ban {
          open( CFG, "<", "/etc/squid/squid.conf" );
          while ( <CFG> ) {
              push @cfg, $_;
          }
          close(CFG);
          #my $line = shift;
          #my ($proxy) = $line =~ m| - \S+/(proxy_\S+)|;
          #my @cutoff = grep /$proxy/, @cfg;
          my @cutoff = grep /proxy_/,@_;
          s/ROUNDROBIN_PARENT\///g for @cutoff;
          @cutoff = grep /@cutoff/,@cfg;
          open( GREY, ">>", "/etc/squid/all.grey" );
          if (@cutoff) {
              print GREY @cutoff;
              print GREY "10\n";
          }
          close (GREY);
          print "Banned parrent: @cutoff\n";
          print " Strings with parrent in conf: @cutoff\n";
          open( EXC, ">", "/etc/squid/squid.conf" );
          my %dels = map { $_ => 1 } @cutoff;
          @cfg = grep !$dels{$_}, @cfg;
          print EXC @cfg;
          close (EXC);
          @args = ("/etc/init.d/squid", "reload");
          system(@args) == 0 or die "system @args failed: $?" ;
      }

      my $name = "/var/log/squid/access.log";
      my $ref=tie *FH,"File::Tail",(name=>$name, maxinterval=>1);
      while (<FH>) {
          m|/sorry/| && ban (split ' ',$_);
      }

        You need to clear @cfg before pushing items onto it (i.e., simply use a lexical variable):

        sub ban {
            open( CFG, "<", "/etc/squid/squid.conf" );
            my @cfg;    # <--
            while ( <CFG> ) {
                push @cfg, $_;
            }
            ...
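
The accumulation bug and the lexical fix from the reply above, as an added example that is not code from the thread. The squid.conf lines, the 192.0.2.x addresses, the peer proxy_21, the abridged log line and the helper names `load_global`, `load_lexical` and `cut_peer` are constructed for illustration; the example also goes a little beyond the thread by quoting the captured peer name with `\Q...\E` and bounding it, so that the rewrite of squid.conf only removes the named peer.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data (not the poster's real squid.conf or log).
my @conf_on_disk = (
    "http_port 3128\n",
    "cache_peer 192.0.2.10 parent 60099 0 no-query name=proxy_21 round-robin\n",
    "cache_peer_access proxy_21 allow all\n",
    "cache_peer 192.0.2.11 parent 60099 0 no-query name=proxy_218 round-robin\n",
    "cache_peer_access proxy_218 allow all\n",
);
my $log_line = '1325521875.165 93 127.0.0.1 TCP_MISS/302 667 GET '
             . 'http://www.google.co.uk/sorry/?continue=x - '
             . 'ROUNDROBIN_PARENT/proxy_218 text/html';

our @cfg;    # package global, the shape the original script had implicitly

# Buggy shape: every call pushes the whole file onto the same array again.
sub load_global  { push @cfg, @conf_on_disk; return scalar @cfg }

# Fixed shape: a lexical array starts empty on every call.
sub load_lexical { my @cfg; push @cfg, @conf_on_disk; return @cfg }

# Split the config into (kept, removed) for the peer named in the log line.
sub cut_peer {
    my ($line, @cfg) = @_;
    my ($proxy) = $line =~ m{ - \S+/(proxy_\w+)} or return (\@cfg, []);
    # \Q..\E quotes the captured name; the lookarounds keep a ban of
    # proxy_21 from also removing the proxy_218 lines.
    my $re = qr/(?<![\w-])\Q$proxy\E(?![\w-])/;
    my @removed = grep {  /$re/ } @cfg;
    my @kept    = grep { !/$re/ } @cfg;
    return (\@kept, \@removed);
}

for my $call (1 .. 2) {
    my @fresh = load_lexical();
    printf "call %d: global holds %d lines, lexical holds %d\n",
        $call, load_global(), scalar @fresh;
}
my ($kept, $removed) = cut_peer($log_line, load_lexical());
print "removed: $_" for @$removed;
print "kept:    $_" for @$kept;
```

Running the original script under `use strict; use warnings;` would have refused the undeclared `@cfg` at compile time, before it could write a doubled squid.conf.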