Hello everyone. I am new to Perl, but I have been working with it to understand it and eventually have a very strong grasp of it. I know the basics on how to write a perl script, but I have been given a task that will require me to write a pretty difficult perl script. Being that I am new and learning Perl, I have decided to ask for some guidance.

Before I go on, I want to say a few things: First, "please do not write the Perl script for me". This is a great opportunity for me to learn and I would like to do it on my own. I am asking for some guidance and tips to help me, not only get started, but write this script.

Alright, here is what I am attempting to do. I want to set up a Perl script to extract certain parts of information from our firewall log. Specifically, my manager wants me to set it up so any attempts trying to get in through ftp, ping or our proxy.

Right now, the firewall logs are stored on a Windows 2000 machine. The logs themselves have an ending with .wgl, standing for watchguard log. (Watchguard is the company...)

I would like to transfer the files over to a Linux box, run a Perl script on the log at night (Through cron) to extract the information that I want. Here is a snip from the firewall log, of what I am attempting to extract from the log:

03/13/03 16:44:56 kernel Temporarily blocking host 212.241.116.21
03/13/03 16:44:57 firewalld[103] deny in eth0 48 tcp 20 117 212.241.116.21 209.126.xxx.xxx 4449 80 syn (LO-Proxied-HTTP)

Before I go on, I put the firewall log onto a Linux server so I could see what type of file it is. Here is what it is:

[tuxexdo@backupstorage]$ file 192.168.1.1-2003-03-17-12-28-30.wgl
192.168.1.1-2003-03-17-12-28-30.wgl: data

So it's a data file.

First question: Is it possible, to extract the information that I want from this file through Perl?

Thanks everyone.

Tarballed
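
An added example, not part of the original post: since `file` reports the .wgl as binary data, this sketch assumes the log has first been exported to plain text with one entry per line, in the layout of the snippet above. The field meanings in the comments, the rule names `ftp-in` and `ping-in`, and the last two sample lines are constructed assumptions.

```perl
use strict;
use warnings;

# Assumed layout of a text-exported deny line, inferred from the single sample in the post:
# date time process disposition direction iface n proto n n src dst a b [flags] (rule)
my $deny_re = qr{
    ^(\S+)\s+(\S+)\s+                # date, time
    firewalld\[\d+\]\s+deny\s+in\s+  # only inbound denies are of interest
    \S+\s+\d+\s+                     # interface, then a number (assumed packet length)
    (\w+)\s+\d+\s+\d+\s+             # protocol, then two numbers (assumed header length, TTL)
    (\S+)\s+(\S+)\s+                 # source, destination (destination is masked in the post)
    (\d+)\s+(\d+)                    # ports for tcp; assumed type and code for icmp
    .*?\(([^)]*)\)\s*$               # rule name in the trailing parentheses
}x;

# Map one parsed entry to ftp, ping or proxy; anything else is ignored.
sub classify {
    my ($proto, $dport, $rule) = @_;
    return 'ping'  if $proto eq 'icmp';
    return 'ftp'   if $proto eq 'tcp' && $dport == 21;
    return 'proxy' if $rule =~ /Proxied/i;
    return;
}

my (%count, %blocked);
while (my $line = <DATA>) {
    chomp $line;
    if ($line =~ /kernel Temporarily blocking host (\S+)/) {
        $blocked{$1}++;              # remember hosts the firewall blocked on its own
        next;
    }
    next unless $line =~ $deny_re;   # skip entries that do not fit the assumed layout
    my ($date, $time, $proto, $src, $dst, $n1, $n2, $rule) = ($1, $2, $3, $4, $5, $6, $7, $8);
    my $kind = classify($proto, $n2, $rule) or next;
    $count{$kind}{$src}++;
    print "$date $time $kind $src -> $dst ($rule)\n";
}
for my $kind (sort keys %count) {    # nightly summary: attempts per category and source
    for my $src (sort keys %{ $count{$kind} }) {
        my $note = $blocked{$src} ? ' [temporarily blocked]' : '';
        print "$kind: $src x$count{$kind}{$src}$note\n";
    }
}

__DATA__
03/13/03 16:44:56 kernel Temporarily blocking host 212.241.116.21
03/13/03 16:44:57 firewalld[103] deny in eth0 48 tcp 20 117 212.241.116.21 209.126.xxx.xxx 4449 80 syn (LO-Proxied-HTTP)
03/13/03 16:45:02 firewalld[103] deny in eth0 60 tcp 20 52 198.51.100.7 209.126.xxx.xxx 3312 21 syn (ftp-in)
03/13/03 16:45:09 firewalld[103] deny in eth0 60 icmp 20 128 203.0.113.9 209.126.xxx.xxx 8 0 (ping-in)
```

For the cron run, replace `<DATA>` with a filehandle opened on the exported text file; lines that do not match the assumed layout are skipped rather than guessed at.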

