Front page | perl.beginners |
Postings from December 2002
Re: Super Newbie Q
Thread Previous
|
Thread Next
From:
Wiggins d'Anconia
Date:
December 8, 2002 13:08
Subject:
Re: Super Newbie Q
Message ID:
3DF38B2B.1020905@danconia.org
Alan Moote wrote:
> Hey gang,
>
> As you will soon see, I am quite new to Perl. I am
> trying to out put a list of IPs that are trying to
> access cmd.exe on my webserver. The problem is, when
> I run the script against my access_log the output is a
> bunch of blank lines. Here's the script so far:
>
>
> #!/usr/bin/perl -w
use strict;
> ## Use pattern matching to find IPs that have searched
> for "cmd.exe"
>
> ## Example log lines:
> ## 24.150.82.42 - - [08/Dec/2002:08:47:46 -0500] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-"
> "-"
> ## 24.150.82.42 - - [08/Dec/2002:08:47:48 -0500] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-"
> "-"
> ## 24.150.82.42 - - [08/Dec/2002:08:47:51 -0500] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 307 "-" "-"
>
> $LogFile=$ARGV[0];
>
> ## Open the file called from command line, die with
> error if not readable
>
> open(ACCLOG, "<$LogFile") || die "Cannot open
> $LogFile\n";
>
better to use 'or' here instead of '||' -> precedence.
> while(<ACCLOG>) {
>
> /(^[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3})*.cmd\.exe*.$/g;
instead of *. I believe you want .* for both occurrences in the above line.
> print "$1\n";
> }
>
> close(ACCLOG);
>
>
> It's not much, and to me, it looks right, but
> obviously I am overlooking some details.
> Any ideas?
http://danconia.org
Thread Previous
|
Thread Next