Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Help to parse syslog with perl
Top Forums Shell Programming and Scripting Help to parse syslog with perl Post 303037305 by arm on Monday 29th of July 2019 02:27:20 PM
Old 07-29-2019
Help to parse syslog with perl
[QUOTE=arm;303037305]logver=56 idseq=63256900099118326 itime=1563205190 devid=FG-5KDTB18800138 devname=LAL-C1-FGT-03 vd=USER date=2019-07-15 time=18:39:49 logid="0000000013" type="traffic"
subtype="forward" level="notice" eventtime=1563205189 srcip=11.3.3.17 srcport=50544 srcintf="SGI-CORE.123" srcintfrole="undefined" dstip=12.0.1.1 dstport=443 dsti
ntf="FA-SPI.100" dstintfrole="undefined" poluuid="230d4d26-AAAA-51e9-b9d1-7bf4c828f000" sessionid=20639817 proto=6 action="server-rst" policyid=10 policytype="policy" s
ervice="HTTPS" dstcountry="United State" srccountry="Reserved" trandisp="snat" transip=11.1.1.1 transport=5092 duration=71 sentbyte=093 rcvdbyte=213 sentpkt=11 rcv
dpkt=16 appcat="unscanned"

I used below script to parsing 1000000 records
Code:
#!/usr/bin/env perl
use strict;
use warnings;
while( <> ) {
    if ( /^(?=.*eventtime=(\S+))(?=.*srcip=(\S+))(?=.*srcport=(\S+))(?=.*dstip=(\S+))(?=.*dstport=(\S+))(?=.*sessionid=(\S+))(?=.*action=(\S+))(?=.*policyid=(\S+))(?=.*service=(\S+))(?=.*dstcountry=(\S+))(?=.*transip=(\S+))(?=.*transport=(\S+))(?=.*duration=(\S+)).*$/ ) {
            print "$1|$2|$3|$4|$5|$6|$7|$8|$9|$10|$11|$12|$13\n";
                }
                }


the problem here is didn't manage to find the correct "regular expression" to match dstcountry , what I need is to give me "United State" not "United

1563205189|11.3.3.17|50544|12.0.1.1 |443|20585519|"server-rst"|10|"HTTPS"|"United|11.1.1.1|5092|71
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

CSV File parse help in Perl

Folks, I have a bit of an issue trying to obtain some data from a csv file using PERL. I can sort the file and remove any duplicates leaving only 4 or 5 rows containing data. My problem is that the data contained in the original file contains a lot more columns and when I try ro run this script... (13 Replies)
Discussion started by: lodey
13 Replies

2. Shell Programming and Scripting

Perl Parse Word Cksum help

Hi all, I'm attempting to parse through a .bin file word by word and perform a cksum on each word using perl. I'm new to perl so I dont exactly know how to get started. Any help would be greatly appreciated. Thanks! (1 Reply)
Discussion started by: TeamUSA
1 Replies

3. Shell Programming and Scripting

perl parse line

Dear all anyone willling to help me..i have try so many time but still failed to get the ip address for line when i print the line is like below Connected to 192.168.1.13 #!/usr/local/bin/perl foreach $line(@lines){ if ($line =~ /connected to/) { $line=~/connected to(.*?) /; ... (2 Replies)
Discussion started by: netxus
2 Replies

4. Shell Programming and Scripting

Perl Parse

Hi I'm writing simple perl script to parse the ftp log as below: Local directory now /home/user/testing 227 Entering Passive Mode (192,254,19,34,8,228). 125 Data connection already open; Transfer starting. 09-25-09 02:33PM 25333629 abc.tar 09-14-09 12:50PM 18015752... (1 Reply)
Discussion started by: netxus
1 Replies

5. Shell Programming and Scripting

perl parse log

Hi anyone can help.how can i get all second column data in this log below?? x 799002577959.pdf, 25728 bytes, 51 tape blocks x 800002357216.pdf, 25728 bytes, 51 tape blocks x aadb090910.txt, 80424 bytes, 158 tape blocks x tsese090909.txt, 13974 bytes, 28 tape blocks (4 Replies)
Discussion started by: netxus
4 Replies

6. Shell Programming and Scripting

Parse file contents in perl...

Hi, I have the file like this: #Contents of file 1 are: Dec 10 12:33:44 User1 Interface: Probe Dec 10 12:33:47 uSER1 SOME DATA Dec 10 12:33:47 user1 Interface: MSGETYPE Dec 10 12:34:48 user1 ID: 10. Dec 10 12:33:55 user1 Interface: MSGTYPE Dec 10 12:33:55 user1 Id: 9 ... (1 Reply)
Discussion started by: vanitham
1 Replies

7. Shell Programming and Scripting

Perl parse error

Hello there, I em executing the following command in a perl script to append "\0" to the end of every line in a file: ###command start my $cmd = qx{"C:\\gawk" '{print $0 "\\\0"}' C:\file.txt > C:\file_1.txt}; ###command end But i get the following error: ###error meaasge start... (2 Replies)
Discussion started by: nmattam
2 Replies

8. Programming

Perl parse string

Hi Perl Guys I have another perl question I have the following code that i have written Getopt::Long::config(qw( permute bundling )); my $OPT = {}; GetOptions($OPT, qw( ver=s help|h )) or die "options parsing failed"; This will allow the user to do something like... (4 Replies)
Discussion started by: ab52
4 Replies

9. Shell Programming and Scripting

Perl :: to parse the data from a string.

Hi folks, I have a line in log from which I need to parse few data. Jul 6 00:05:58 dg01aipagnfe01p %FWSM-3-106011: Deny inbound (No xlate) From the above... I need to parse the %FWSM-3-106011: substring. Another example Jul 13 00:08:55 dq01aipaynas01p %FWSM-6-302010: 2 in use, 1661... (3 Replies)
Discussion started by: scriptscript
3 Replies

10. Shell Programming and Scripting

Perl to parse

The below code works great to parse out a file if the input is in the attached SNP format ">". perl -ne 'next if $.==1; while(/\t*NC_(\d+)\.\S+g\.(\d+)()>()/g){printf("%d\t%d\t%d\t%s\t%s\n",$1,$2,$2,$3,$4,$5)}' out_position.txt > out_parse.txt My question is if there is another format in... (10 Replies)
Discussion started by: cmccabe
10 Replies

LEARN ABOUT DEBIAN

proxytunnel

PROXYTUNNEL(1)						      General Commands Manual						    PROXYTUNNEL(1)

NAME

       proxytunnel - program to tunnel a connection throught an standard HTTPS proxy.

SYNOPSIS

       proxytunnel [options]

DESCRIPTION

       This manual page documents the proxytunnel command.

       proxytunnel is a program that open a tunnel through a HTTPS proxy.

OPTIONS

       This program follow the usual GNU command line syntax, with long options starting with two dashes (`-').

       -h, --help
	      Print help and exit.

       -V, --version
	      Print the version of the program and exit.

       -i, --inetd
	      Run from inetd. Default is off.

       -a PORT, --standalone=PORT
	      Run as standalone daemon on specified port.

       -p host:port, --proxy=host:port
	      The local HTTPS proxy host:port combo to connect to.

       -r host:port, --remproxy=host:port
	      The second-level (remote) proxy host:port to connect to when using two proxies.

       -d host:port, --dest=host:port
	      The destination host:port to built the tunnel to.

       -e, --encrypt
	      Encrypt the data between the local proxy and the destination using SSL.

       -E, --encrypt-proxy
	      Encrypt the data between the client and the local proxy using SSL.

       -B, --buggy-encrypt-proxy
	      Encrypt  the  data  between  the	client and the local proxy using SSL, but stop using SSL immediately after the CONNECT exchange to
	      workaround server bugs.  (Might not work on all setups; see /usr/share/doc/proxytunnel/README.Debian.gz for more details.)

       -X, --encrypt-remproxy
	      Encrypt the data between the local proxy and the second-level proxy using SSL.

       -F STRING, --passfile=STRING
	      The file containing Username & Password to send to HTTPS proxy for authentification.  This file uses the same format as .wgetrc, and
	      so  can use the credentials in common with wget.	This option can be used to at least hide the password from anyone clever enough to
	      use the `ps' command.

       -P user:pass, --proxyauth=user:pass
	      The credentials to use for local HTTP(S) proxy authentication.

       -R user:pass, --remproxyauth=user:pass
	      The credentials to use for remote HTTP(S) proxy authentication.

       -N, --ntlm
	      Use NTLM-based authentication.

       -t DOMAIN, --domain=DOMAIN
	      The NTLM domain to use, default is to autodetect.

       -H STRING, --header=STRING
	      Additional HTTP headers to send to the proxy.

       -x STRING, --proctitle=STRING
	      Use a different process title.

       -v, --verbose
	      Turn on verbosity. Default is off.

       -q, --quiet
	      Suppress messages. Default is off.

NOTES

       To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content:

       Host foobar
	    ProtocolKeepAlives 30
	    ProxyCommand /usr/bin/proxytunnel -p proxy.customer.com:8080
	       -P user:password -d mybox.athome.nl:443

       If your proxy doesn't require the username and password for using it, you can skip these options.

       If you want to run proxytunnel from inetd add the '--inetd' option.

       Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563 (SNEWS), so some hacking is necessary to start the SSH  dae-
       mon on the required port. (On the server side add an extra Port statement in the sshd_config file)

AUTHOR

       This  manual  page was written by Loic Le Guyader <loic.leguyader@laposte.net> and updated by Julian Gilbey <jdg@debian.org> for the Debian
       GNU/Linux system (but may be used by others).

								  August 30, 2009						    PROXYTUNNEL(1)
All times are GMT -4. The time now is 09:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy