Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Help to parse syslog with perl
Top Forums Shell Programming and Scripting Help to parse syslog with perl Post 303037309 by Chubler_XL on Monday 29th of July 2019 04:17:59 PM
Old 07-29-2019
Try this:

Code:
#!/usr/bin/env perl
use strict;
use warnings;
while( <> ) {
    if ( /^(?=.*eventtime=(\S+))(?=.*srcip=(\S+))(?=.*srcport=(\S+))
           (?=.*dstip=(\S+))(?=.*dstport=(\S+))(?=.*sessionid=(\S+))
           (?=.*action=(\S+))(?=.*policyid=(\S+))(?=.*service=(\S+))
           (?=.*dstcountry=("[^"]+"|\S+))(?=.*transip=(\S+))
           (?=.*transport=(\S+))(?=.*duration=(\S+)).*$/x ) {
            print "$1|$2|$3|$4|$5|$6|$7|$8|$9|$10|$11|$12|$13\n";
                }
                }

--- Post updated at 07:17 AM ---

Or if the quote are always there you can drop the |\S+ and if you want to strip the quotes use (?=.*dstcountry="([^"]+)")
Last edited by Chubler_XL; 07-29-2019 at 05:11 PM.. Reason: wrap long line
This User Gave Thanks to Chubler_XL For This Post:
arm
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

CSV File parse help in Perl

Folks, I have a bit of an issue trying to obtain some data from a csv file using PERL. I can sort the file and remove any duplicates leaving only 4 or 5 rows containing data. My problem is that the data contained in the original file contains a lot more columns and when I try ro run this script... (13 Replies)
Discussion started by: lodey
13 Replies

2. Shell Programming and Scripting

Perl Parse Word Cksum help

Hi all, I'm attempting to parse through a .bin file word by word and perform a cksum on each word using perl. I'm new to perl so I dont exactly know how to get started. Any help would be greatly appreciated. Thanks! (1 Reply)
Discussion started by: TeamUSA
1 Replies

3. Shell Programming and Scripting

perl parse line

Dear all anyone willling to help me..i have try so many time but still failed to get the ip address for line when i print the line is like below Connected to 192.168.1.13 #!/usr/local/bin/perl foreach $line(@lines){ if ($line =~ /connected to/) { $line=~/connected to(.*?) /; ... (2 Replies)
Discussion started by: netxus
2 Replies

4. Shell Programming and Scripting

Perl Parse

Hi I'm writing simple perl script to parse the ftp log as below: Local directory now /home/user/testing 227 Entering Passive Mode (192,254,19,34,8,228). 125 Data connection already open; Transfer starting. 09-25-09 02:33PM 25333629 abc.tar 09-14-09 12:50PM 18015752... (1 Reply)
Discussion started by: netxus
1 Replies

5. Shell Programming and Scripting

perl parse log

Hi anyone can help.how can i get all second column data in this log below?? x 799002577959.pdf, 25728 bytes, 51 tape blocks x 800002357216.pdf, 25728 bytes, 51 tape blocks x aadb090910.txt, 80424 bytes, 158 tape blocks x tsese090909.txt, 13974 bytes, 28 tape blocks (4 Replies)
Discussion started by: netxus
4 Replies

6. Shell Programming and Scripting

Parse file contents in perl...

Hi, I have the file like this: #Contents of file 1 are: Dec 10 12:33:44 User1 Interface: Probe Dec 10 12:33:47 uSER1 SOME DATA Dec 10 12:33:47 user1 Interface: MSGETYPE Dec 10 12:34:48 user1 ID: 10. Dec 10 12:33:55 user1 Interface: MSGTYPE Dec 10 12:33:55 user1 Id: 9 ... (1 Reply)
Discussion started by: vanitham
1 Replies

7. Shell Programming and Scripting

Perl parse error

Hello there, I em executing the following command in a perl script to append "\0" to the end of every line in a file: ###command start my $cmd = qx{"C:\\gawk" '{print $0 "\\\0"}' C:\file.txt > C:\file_1.txt}; ###command end But i get the following error: ###error meaasge start... (2 Replies)
Discussion started by: nmattam
2 Replies

8. Programming

Perl parse string

Hi Perl Guys I have another perl question I have the following code that i have written Getopt::Long::config(qw( permute bundling )); my $OPT = {}; GetOptions($OPT, qw( ver=s help|h )) or die "options parsing failed"; This will allow the user to do something like... (4 Replies)
Discussion started by: ab52
4 Replies

9. Shell Programming and Scripting

Perl :: to parse the data from a string.

Hi folks, I have a line in log from which I need to parse few data. Jul 6 00:05:58 dg01aipagnfe01p %FWSM-3-106011: Deny inbound (No xlate) From the above... I need to parse the %FWSM-3-106011: substring. Another example Jul 13 00:08:55 dq01aipaynas01p %FWSM-6-302010: 2 in use, 1661... (3 Replies)
Discussion started by: scriptscript
3 Replies

10. Shell Programming and Scripting

Perl to parse

The below code works great to parse out a file if the input is in the attached SNP format ">". perl -ne 'next if $.==1; while(/\t*NC_(\d+)\.\S+g\.(\d+)()>()/g){printf("%d\t%d\t%d\t%s\t%s\n",$1,$2,$2,$3,$4,$5)}' out_position.txt > out_parse.txt My question is if there is another format in... (10 Replies)
Discussion started by: cmccabe
10 Replies

LEARN ABOUT DEBIAN

lire::syslog

Syslog(3pm)						  LogReport's Lire Documentation					       Syslog(3pm)

NAME

       Lire::Syslog - syslog style lines parser

SYNOPSIS

       use Lire::Syslog;

       my $parser = new Lire::Syslog;

       my $rec = $parser->parse( $line );

DESCRIPTION

       This module defines objects able to parse logs coming from several flavours of logging daemon.

       It currently supports the following syslog file formats:

       Classic BSD syslog daemon
	   The "classic" BSD syslog format:

	       MMM DD HH:MM:SS Hostname Message

       Solaris 8 syslog daemon
	   The Solaris 8 syslog daemon also includes the facility and level:

	       MMM DD HH:MM:SS Hostname Process[Pid]: [ID DDDDDD Facility.Level] Message

       Netscape Messaging Server logging daemon
	   The syslog daemon that comes with Netscape Messaging Server uses a date in common log format:

	       [DD/MMM/YYYY:HH:MM:SS +ZZZZ] Hostname Process[Pid]: Facility Level: Message

       WebTrends syslog daemon
	   The format used by the syslog daemon that comes with WebTrends:

	       WTsyslog[YYYY-MM-DD HH:MM:SS ip=HOSTNAME pri=WT_PRIORITY] <XX>Message

       Kiwi Syslog (ISO date format)
	   The ISO log file formats used by the Kiwi Syslog daemon (http://www.kiwisyslog.com/info_sysd.htm), a logging daemon often encountered
	   on Win32 platforms:

	       YYYY-MM-DD HH:MM:SS [TAB] Facility.Level [TAB] Hostname [TAB] Message

       Kiwi Syslog (US date format)
	   The US date format used by the Kiwi Syslog daemon:

	       MM-DD-YYYY HH:MM:SS [TAB] Facility.Level [TAB] Hostname [TAB] Message

       Kiwi Syslog (DD-MM-YYY date format)
	   The DD-MM-YYYY date format used by the Kiwi Syslog daemon:

	       DD-MM-YYYY HH:MM:SS [TAB] Facility.Level [TAB] Hostname [TAB] Message

       Sendmail Switch logging daemon
	   The format used by the logging daemon coming with Sendmail Switch on Win32 platforms:

	       MM/DD/YY HH:MM:SS Process(Pid): Level: Message

       RFC 3164-compliant Syslog daemon
	   A format from RFC 3164-compliant Syslog daemons which includes the encoded priority and the year in the date.  RFC 3164 defines the
	   "BSD Syslog Protocol".

	       <Priority>MMM DD YYYY HH:MM:SS: Process[Pid]: Message

       The first time the parse() method is used, the parser will try each of the supported formats to detect the syslog format. If no format
       matches, the module will call lr_err() and abort the program. Each other parse() invocation will use the same format.

       The parse() method will return an hash reference which contains the following keys:

       timestamp
	   The timestamp of the event.

       hostname
	   The name or IP address of the host that sended the message.

       process
	   The "process" that logged the event. Formally, the syslog message doesn't contain a process field but its usually the first word coming
	   before a colon in the message's content.

       pid The PID of the process that logged the event. This is usually what is between [] in the process part of the message.

       identifier
	   This key is only present when the log comes from a Solaris 8 syslog daemon. It contains the identifier that comes after ID in the
	   message.

       facility
	   The syslog facility (kern, mail, local0, etc.) of the message. This isn't supported in all file formats so this key might be
	   unavailable.

       level
	   The syslog level (emerg, info, notice, etc. ) of the message. This isn't supported in all file formats so this key might be
	   unavailable.

       content
	   The actual syslog message (with the process and pid removed). Many network devices will also have another BSD-style timestamp at the
	   beginning of the message. If present, it will also be removed.

USAGE

	package Lire::Foo;

	use base qw/ Lire::Syslog /;

	sub parse {
	   my $self = shift;
	   my $line = shift;

	   # this runs parse from Lire::Syslog, setting keys like 'day', 'process'
	   # and 'hostname'
	   my $rec = $self->SUPER::parse($line);

	   $rec->{'foo'} = dosomethingwith( $rec->{'content'} );

	   return $rec
	}

       Now, one can run in a script

	my $parser = new Lire::Foo();

	while ( <> ) {
	   chomp;
	   my $log = $parser->parse( $line );
	}

       which sets $log->{'day'}, ... $log->{'process'} and $log->{'foo'}.

SEE ALSO

       Lire::Email(3)

AUTHORS

	 Joost van Baal, Francis J. Lacoste.  Initial idea by Joost Kooij

VERSION

       $Id: Syslog.pm,v 1.15 2006/07/23 13:16:30 vanbaal Exp $

COPYRIGHT

       Copyright (C) 2000-2002 Stichting LogReport Foundation LogReport@LogReport.org

       This file is part of Lire.

       Lire is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program (see COPYING); if not, check with
       http://www.gnu.org/copyleft/gpl.html.

Lire 2.1.1							    2006-07-23							       Syslog(3pm)
All times are GMT -4. The time now is 08:23 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy