Fellow Monks,
Consider the following log file entry:

    Aug 22 11:46:27 masterudp003210uds.netops.msnyuhealth.org 148526: Aug 22 15:46:26 UTC: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.4.12.253 -> 10.7.151.48 :8/0:, 1 packet

Following the advice of my fellow monks I broke up my regexes using qr and came up with this list of regexes:

    my $dtg=qr@[A-Z][a-z]+\s\d+\s\d+:\d+:\d+@;
    my $thingy=qr([\.\d]+);
    my $tz=qr([A-Z]{3});
    my $ipaddr=qr@\d+\.\d+\.\d+\.\d+@;
    my $fqdn=qr@[a-zA-Z\-\.]+@;
    my $timezone = qr@[A-Z]+@;
    my $fragger = qr@(\%SEC-6-IPACCESSLOGP|\%SEC-6-IPACCESSLOGDP)@;
    my $list=qr@list\s(\d+)@;
    my $protocol = qr@(tcp|udp|icmp)@;
    my $ip_with_port=qr@($ipaddr):(\d+):@;
    my $arrow = qr @\-\>@;
    my $time_lapse=qr@\d+d\d+h@; # Something like 6d45h <sigh!>
    my $metric_ex=qr(\d+:);
    my $dtg1="Aug 22 11:46:27";
    my $month="Aug";
    my $monthDay="Aug 22";
    my $time="11:46:27";
    my $matchMonth=qr([A-Z][a-z]+);
    my $dateMatch=qr($matchMonth\s\d+);
    my $matchTime=qr(\d+:\d+:\d+);

No doubt there are useless lines up there as I cut and pasted this from some unit testing that I was doing. So far so good... right? Well... here is a test sniglet that I wrote:

    printf "Full String: %s\n",(
        $full_string =~ m@
            ($dateMatch\s$matchTime)\s
            ($fqdn|$ipaddr)\s
            $metric_ex\s
            ($dateMatch\s$matchTime)\s
            ($timezone):\s
            $fragger:\s
            list\s(\d+)\s
            denied\s($protocol)\s
            ($ipaddr)\s
            $arrow\s
            ($ipaddr)\s
            :\d+\/\d+\:,\s
            (\d+)\spacket
        @x ? "OK":"FAILED"
    );

It fails to match... Anyone have an idea why?
A very tired cattle dog style Perl Monk going to bed now.
Peter @ Berghold . Net
Seize the cow! Bite the day!
Nobody expects the Perl inquisition!
Test the code? We don't need to test no stinkin' code!
All code posted here is as is where is unless otherwise stated.
Brewer of Belgian style Ales
In reply to CISCO Log file pattern matching (again!) by blue_cowdawg
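Added example, not part of the original post: one way to find where a pattern composed from qr pieces stops matching is to apply the pieces one at a time, each anchored with \G at the point the previous one ended. The qr definitions and the log entry are copied from the post; the step labels and the `first_failure` helper are this example's own names.

```perl
use strict; use warnings;

# Log entry quoted in the post, joined onto one line.
my $line = 'Aug 22 11:46:27 masterudp003210uds.netops.msnyuhealth.org 148526: '
         . 'Aug 22 15:46:26 UTC: %SEC-6-IPACCESSLOGDP: list 101 denied icmp '
         . '10.4.12.253 -> 10.7.151.48 :8/0:, 1 packet';

# Building blocks copied from the post, unchanged.
my $ipaddr     = qr@\d+\.\d+\.\d+\.\d+@;
my $fqdn       = qr@[a-zA-Z\-\.]+@;
my $timezone   = qr@[A-Z]+@;
my $fragger    = qr@(\%SEC-6-IPACCESSLOGP|\%SEC-6-IPACCESSLOGDP)@;
my $protocol   = qr@(tcp|udp|icmp)@;
my $arrow      = qr@\-\>@;
my $metric_ex  = qr(\d+:);
my $matchMonth = qr([A-Z][a-z]+);
my $dateMatch  = qr($matchMonth\s\d+);
my $matchTime  = qr(\d+:\d+:\d+);

# The post's full pattern, one labelled step per line (labels are hypothetical).
my @steps = (
    [ 'syslog timestamp' => qr/($dateMatch\s$matchTime)\s/ ],
    [ 'host'             => qr/($fqdn|$ipaddr)\s/ ],
    [ 'sequence number'  => qr/$metric_ex\s/ ],
    [ 'device timestamp' => qr/($dateMatch\s$matchTime)\s/ ],
    [ 'timezone'         => qr/($timezone):\s/ ],
    [ 'facility tag'     => qr/$fragger:\s/ ],
    [ 'ACL number'       => qr/list\s(\d+)\s/ ],
    [ 'protocol'         => qr/denied\s($protocol)\s/ ],
    [ 'source'           => qr/($ipaddr)\s/ ],
    [ 'arrow'            => qr/$arrow\s/ ],
    [ 'destination'      => qr/($ipaddr)\s/ ],
    [ 'type/code'        => qr@:\d+\/\d+\:,\s@ ],
    [ 'packet count'     => qr/(\d+)\spacket/ ],
);

# Walk the steps left to right; report the first one that cannot continue.
sub first_failure {
    my ($text, @steps) = @_;
    pos($text) = 0;                       # start of line; \G anchors here
    for my $step (@steps) {
        my ($label, $re) = @$step;
        next if $text =~ /\G$re/gc;       # /c keeps pos() when a step fails
        return sprintf "step '%s' stopped at offset %d, before: %s",
            $label, pos($text), substr($text, pos($text), 30);
    }
    return 'all steps matched';
}

print first_failure($line, @steps), "\n";
```

Each step is committed before the next is tried and the walk starts at offset 0, whereas the post's single pattern is unanchored and can backtrack across pieces. The reported step is therefore the place to inspect first, not proof of the only fault.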