Re: Parse IRC log

In article <20080626103950.24199.qmail@xxxxxxxxxxxxxxxxxxxx>, Rara
<pleasepost@xxxxxxxxxxx> wrote:

Hello all,


I need to parse IRC logs for IPs. The format would be @ then host
followed by either ) or ], some may contain unwanted spaces. If the host
is not an IP, I would need to have it converted to an IP. The resulting
IPs would then have to be looped through Net::DNSBLLookup, with and
finally outputted to a file. Thank you for your consideration on the matter.

You can open a file for reading using open:

open( my $fh, '<', $filename ) or die("Can't open $filename: $!");

You can then read the file line-by-line by using the input operator
(<>) in a while loop:

while( my $line = <$fh> ) {

For each line, you can search for the pattern @ character followed by
some number of characters that are not either ) or ], followed by
either a ) or ], and extract the characters using a regular expression:

if( $line =~ /\@([^)\]]+)[)\]]/ ) {
my $host = $1;

You can trim unwanted spaces with tr:

$host =~ tr/ //d;

You can check to see if the host string is a numerical IP address or a
name:

if( $host =~ /^[\d.]+$/ ) {
# host is numerical
}else{
# host is a name -- look up numerical address
}

You can create a new file using open:

open( my $outh, '>', $out ) or die("Can't open $out for writing: $!");

and print lines to it with print:

print $outh "Host is $host\n";

The files will be closed automatically at the end of your program, but
you can close them explicitly and thereby check for errors:

close($outh) or die("Error closing $out: $!");

You can read about these and other Perl functions using the built-in
documentation, e.g.:

perldoc -f open
perldoc -f print
perldoc perlsyn
perldoc perlre

Good luck!

--
Jim Gibson

Posted Via Usenet.com Premium Usenet Newsgroup Services
----------------------------------------------------------
http://www.usenet.com
.

Relevant Pages

  • Re: I dont understand the Net::Telnet error
    ... problem connecting to host: pattern match timed-out at ./ ... perldoc Net::Telnet: ...
    (comp.lang.perl.misc)
  • Re: Change SSH port? why does this seem to be safer?
    ... >> I also run portsentry, which blocks out IPs that try to do port scans. ... >> Once a host has scanned a few ports, that host gets added to my ... reason to take interest in it. ...
    (comp.os.linux.security)
  • Re: DNS port flooding
    ... implemented some very basic ACLs to block the offending IPs as they hit us. ... I've blocked 6 or 8 IPs now and am looking for a better long term solution. ... access-list 101 deny udp host x.x.x.x any eq domain ...
    (comp.dcom.sys.cisco)
  • Re: host-based ips ?
    ... a good host based IPS need a secureOS to support it. ... a frame work named LSMis very useful to implement a secure Linux OS which already in kernel 2.5.x. ... > LIDS secure linux kernel ...
    (Focus-IDS)
  • Re: .1 Microsecond Synchronization
    ... GB network that is only 10 characters, ... interupt coalescing in GbE and higher NICs can cause frames which were ... otherwise spread-out on the network to appear to the host to arrive at ...
    (comp.protocols.time.ntp)