[LA.pm] little help??
FamiLink Admin
webmaster at familink.com
Wed Sep 28 10:14:37 PDT 2005
Hello all. Please let me know if this is a good place for my questions.
I am trying to read a log file and get a list of how many times an IP address get blocked each hour by category PO. An example line in the log with a block is:
-------------
[2005-09-28 10:05:03 -7:00] 127.0.0.1 71.32.59.249 216.163.137.3 - http://www.playboy.com/ blocked 0 PO
-------------
What I have kinda works but I am not sure if it is the best practice. This is the first time programming in perl and this is what I have so far:
sub Scanlog {
local($ipb) = @_;
open my $slog, "-|", "tail -n 50000 $log" or die "Unable to open $log:$!\n";
open (OUTPUT,">/etc/squid/iplist.txt");
open (OUTPUT2,">/etc/squid/SuspendIpList.txt");
while (<$slog>){ # assigns each line in turn to $_
# use an array slice to select the fields we want
@data = (split ,$_)[1,4,10,5,7];
$hr = (split /:/ ,$data[0])[0];
$ip = "$data[1]";
if($flag eq $data[2]){
if($hr eq $hour){
foreach (/$data[2]/){
$matches += 1 ;
}
if($matches > $blocklimit){
$ip1 = "$data[1]/32";
print OUTPUT "$matches,", "$hour, ","$ip1, ", "@data","\n";
print OUTPUT2 "$ip1\n";
$matched = $matches;
$matches = 0;
}}}}
close (OUTPUT);
close (OUTPUT2);
-------------------
I will take and help I can get.
Ryan Lamberton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pm.org/pipermail/losangeles-pm/attachments/20050928/d022dd9a/attachment.html
More information about the Losangeles-pm
mailing list