Re: Super Newbie Q

Alan moote wrote:
> 
> Hey gang,
> 
> As you will soon see, I am quite new to Perl.  I am
> trying to out put a list of IPs that are trying to
> access cmd.exe on my webserver.  The problem is, when
> I run the script against my access_log the output is a
> bunch of blank lines.  Here's the script so far:
> 
> #!/usr/bin/perl -w
> ## Use pattern matching to find IPs that have searched
> for "cmd.exe"
> 
> ## Example log lines:
> ## 24.150.82.42 - - [08/Dec/2002:08:47:46 -0500] "GET
> /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-"
> "-"
> ## 24.150.82.42 - - [08/Dec/2002:08:47:48 -0500] "GET
> /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293 "-"
> "-"
> ## 24.150.82.42 - - [08/Dec/2002:08:47:51 -0500] "GET
> /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 307 "-" "-"
> 
> $LogFile=$ARGV[0];
> 
> ## Open the file called from command line, die with
> error if not readable
> 
> open(ACCLOG, "<$LogFile") || die "Cannot open
> $LogFile\n";

You should include the $! variable in the error message so you know why
it failed.


> while(<ACCLOG>) {
> 
> /(^[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3})*.cmd\.exe*.$/g;
                                                    ^^        ^^
*. should be .* and the /g modifier isn't used.


>         print "$1\n";

You shouldn't use the dollar-digit variables unless you verify that the
regular expression matched.


> }
> 
> close(ACCLOG);
> 
> It's not much, and to me, it looks right, but
> obviously I am overlooking some details.
> Any ideas?


This should do what you want.

#!/usr/bin/perl -w
use strict;

while ( <> ) { # automaticaly opens files in @ARGV
    if ( /\bcmd\.exe\b/ and /^(\d{1,3}(?:\.\d{1,3}){3})\s/ ) {
        print "$1\n";
        }
    }




John
-- 
use Perl;
program
fulfillment

• Super Newbie Q by Alan Moote
• Re: Super Newbie Q by John W. Krahn
• Re: Super Newbie Q by Alan Moote
• Re: Super Newbie Q by Wiggins d'Anconia
• Re: Super Newbie Q by Alan Moote