[nycbug-talk] Text parsing question [SOLVED]

maddaemon at gmail.com maddaemon at gmail.com
Fri Jan 2 16:10:18 EST 2009


On Wed, Dec 17, 2008 at 10:16 PM, James E Keenan <jkeen at verizon.net> wrote:
>>
>>
>> For example, here are 2 lines:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>> where 192.168.8.17 is the Windows DC, and the other is the IIP of the
>> webmail server.
>>
>> I need to remove the line that contains the DC _ONLY_WHEN_ there is a
>> duplicate entry (same timestamp) with another IP.  The text file
>> contains hundreds of other entries, and there are single entries where
>> the DC IP is the only entry.  Using the above examples, I need to
>> remove the first line and only retrieve the second line:
>>
>> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
>>
>>
>
> Perhaps this:
>
> #!/usr/bin/perl
> use strict;
> use warnings;
>
> my @last = ( '', '', '' );
> my @this;
> my $pattern = qr/^
>     ([a-zA-Z]{3}\s\d{2}\s\d{2}:\d{2}:\d{2}) # date string
>     \s-\s
>     (\w+)                                   # username
>     .*?
>     (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})    # IP address
>     $/x;
>
> while (my $firstline = <DATA>) {
>     if ($firstline =~ /$pattern/) {
>         @last = ( $1, $2, $3 );
>         last;
>     }
> }
>
> while (my $l = <DATA>) {
>     if ($l =~ /$pattern/) {
>         @this = ( $1, $2, $3 );
>         if ( $this[0] eq $last[0] and $this[1] eq $last[1] ) {
>             $last[2] = $this[2];
>         } else {
>             print ( ( join '|' => @last ), "\n" );
>             @last = @this;
>         }
>     }
> }
> print ( ( join '|' => @last ), "\n" );
>
> __DATA__
> Dec 15 05:15:33 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.8.17
> Dec 15 05:15:56 - abc1234 tried logging in from 192.168.18.13
> Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.18.43
> Dec 15 05:16:03 - xyz1ahj tried logging in from 192.168.15.220
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.220
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.221
> Dec 15 05:16:05 - xyz1ahj tried logging in from 192.168.15.79
> Dec 15 05:16:07 - vig1234 tried logging in from 192.168.15.79

My boss finally got around to mucking around with it.  Here it is:

#!/usr/bin/perl
use strict;
use warnings;

my @last = ( '', '', '' );
my @this;
my @addys;
my $line;

# any ip address in the @dcs array will be suppressed if there are duplicates.
my @dcs = ('192.168.8.3', '192.168.8.17');

my $pattern = qr/^
    ([a-zA-Z]{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}) # date string
    \s-\s
    (\w+)                                   # username
    .*?
    (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})    # IP address
    $/x;

while ($line = <>) {
    if ($line =~ /$pattern/) {
        @last = ( $1, $2);
	push @addys, $3;
        last;
    }
}

while ($line = <>) {
    if ($line =~ /$pattern/) {
        @this = ( $1, $2);
        if ( $this[0] eq $last[0] and $this[1] eq $last[1] ) {
            push @addys, $3;
        }
        else {
	    if ($#addys == 0) {
		print "$last[0] - $last[1] tried logging in from $addys[0]\n";
            }
            else {
                my $flag;
                for my $addy (@addys) {
                    $flag = 0;
                    for my $dc (@dcs) {
                        if ($addy eq $dc) {$flag = 1;}
                    }
                    if (not $flag) {
  		        print "$last[0] - $last[1] tried logging in from $addy\n";
                    }
                }
            }
            @addys = ($3);
        }
        @last=@this;
     }
}

for my $addy (@addys) {
    my $flag = 0;
    for  my $dc (@dcs) {
       if ($addy eq $dc) {$flag = 1;}
    }
    if (!($flag)) {
       print "$this[0] - $this[1] tried logging in from $addy\n";
    }
}



More information about the talk mailing list