Re: Script Help

If the text within your OP represents a single line from a closed log file, i.e., if you are not trying to tail a constantly growing log file, the following might represent a possible approach to a solution (untested):

use warnings;
use strict;

my $log_file  = 'file.log';
my $uid       = 'xy1234';
my $threshold = 20;
my @occurrences;

open my $fh_log, '<', $log_file or die "opening $log_file: $!";

LINE:
while (defined(my $line = <$fh_log>)) {
  next LINE unless $line =~ m{ uid=$uid }xms;
  push @occurrences, $line;  
  }

close $fh_log or die "closing $log_file: $!";

if (@occurrences > $threshold) {
  print "occurrences for $uid above $threshold \n";
  print @occurrences;
  }
[download]

Of course, the print statements at the very end will have to be replaced with code to compose and send an appropriate e-mail message, etc., but I assume you know how to do that. (In any event, I'm not the best one to ask about that.)

Comment on Re: Script Help Select or Download Code

Replies are listed 'Best First'.
Re^2: Script Help by Anonymous Monk on Jan 22, 2010 at 04:11 UTC
Thanks for the response, yes i can configure the mail-sending part of it. Here are my comments wrt your suggested script : - Although the log file is growing, but the alert would be based on snap shot of current content. - $uid , we cannot set this variable, and we're not sure of the user, that is the first thing we need to find. I mean logically, the script will scan through log file, pick every uid, then count number of occurrences, if the occurrence goes above the threshold, send an alert. Please help me in this regard. Regards, Pamela	[reply]
Re^3: Script Help by AnomalousMonk (Archbishop) on Jan 22, 2010 at 04:50 UTC
Again assuming you are processing a static file, I would tend to attack the problem this way: Define a regex to recognize and extract a unique UID. Something like `my ($uid) = $line =~ m{ <uid= (\w+) }xms;` seems like a good first guess. Define a regex to recognize (and, if necessary, to extract) whatever an 'occurrence' may be. If both a UID and an occurrence occur in a line, increment a UID count as appropriate to the occurence. This may be as simple as `my %occurrences;` `# enter line processing loop` `# ..., recognize occurrence, extract UID from line, ...` `$occurrence{$uid}++;` `# process next line, etc.` if all occurrences have equal weight. When all lines in the file are processed, loop through the hash and send an appropriate message for each UID for which the count of occurrences exceeds the specified threshold.	[reply] [d/l] [select]