Re: Super Newbie Q

John,

You went way out of your way in helping me here.  I
really appreciate it.
I will try to remember these rules.  The checking is a
great idea.  I also tend to over complicate things, I
have to remember that.

Thanks again,

Al Moote


--- "John W. Krahn" <krahnj@acm.org> wrote: > Alan
moote wrote:
> > 
> > Hey gang,
> > 
> > As you will soon see, I am quite new to Perl.  I
> am
> > trying to out put a list of IPs that are trying to
> > access cmd.exe on my webserver.  The problem is,
> when
> > I run the script against my access_log the output
> is a
> > bunch of blank lines.  Here's the script so far:
> > 
> > #!/usr/bin/perl -w
> > ## Use pattern matching to find IPs that have
> searched
> > for "cmd.exe"
> > 
> > ## Example log lines:
> > ## 24.150.82.42 - - [08/Dec/2002:08:47:46 -0500]
> "GET
> > /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> "-"
> > "-"
> > ## 24.150.82.42 - - [08/Dec/2002:08:47:48 -0500]
> "GET
> > /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 293
> "-"
> > "-"
> > ## 24.150.82.42 - - [08/Dec/2002:08:47:51 -0500]
> "GET
> > /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
> > HTTP/1.0" 404 307 "-" "-"
> > 
> > $LogFile=$ARGV[0];
> > 
> > ## Open the file called from command line, die
> with
> > error if not readable
> > 
> > open(ACCLOG, "<$LogFile") || die "Cannot open
> > $LogFile\n";
> 
> You should include the $! variable in the error
> message so you know why
> it failed.
> 
> 
> > while(<ACCLOG>) {
> > 
> >
>
/(^[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3}\.[0-9]{1-3})*.cmd\.exe*.$/g;
>                                                    
> ^^        ^^
> *. should be .* and the /g modifier isn't used.
> 
> 
> >         print "$1\n";
> 
> You shouldn't use the dollar-digit variables unless
> you verify that the
> regular expression matched.
> 
> 
> > }
> > 
> > close(ACCLOG);
> > 
> > It's not much, and to me, it looks right, but
> > obviously I am overlooking some details.
> > Any ideas?
> 
> 
> This should do what you want.
> 
> #!/usr/bin/perl -w
> use strict;
> 
> while ( <> ) { # automaticaly opens files in @ARGV
>     if ( /\bcmd\.exe\b/ and
> /^(\d{1,3}(?:\.\d{1,3}){3})\s/ ) {
>         print "$1\n";
>         }
>     }
> 
> 
> 
> 
> John
> -- 
> use Perl;
> program
> fulfillment
> 
> -- 
> To unsubscribe, e-mail:
> beginners-unsubscribe@perl.org
> For additional commands, e-mail:
> beginners-help@perl.org
>  

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

• Super Newbie Q by Alan Moote
• Re: Super Newbie Q by John W. Krahn
• Re: Super Newbie Q by Alan Moote
• Re: Super Newbie Q by Wiggins d'Anconia
• Re: Super Newbie Q by Alan Moote