这个网站是一个很好的帮助,因为我重新开始编程,我正在尝试编写一个简单的perl脚本来分析目录(多个域)中的apache日志文件,拉出每个的最后1000行日志文件,从日志文件中剥离IP地址,然后将它们与僵尸垃圾邮件制造者的已知阻止列表进行比较。
到目前为止,我已经让脚本工作了,除了一个问题。让我说我在两个日志文件中有IP地址10.128.45.5,当然脚本分析每个日志文件依次剥离并将IP减少到一个PER日志文件,但我想要做的是缩小甚至更多到每个实例一个我运行此脚本,无论是否在多个日志文件中出现相同的IP。
这是我到目前为止所获得的代码,抱歉,如果它有点混乱。
#!/usr/bin/perl
# Extract IP's from apache access logs for the last hour and matches with forum spam bot list.
# The fun work of Daniel Pearson
use strict;
use warnings;
use Socket;
# Declarations
my ($file,$list,@files,%ips,$match,$path,$sort);
my $timestamp = localtime(time);
# Check to see if matching file exists
$list ='list';
if (-e $list) {
Delete the file so we can download a new one if it exists
print "File Exists!";
print "Deleting File $list\n";
unlink($list);
}
sleep(5);
system ("wget http://www.domain.com/list");
sleep(5);
my $dir = $ARGV[0] or die "Need to specify the log file directory\n";
opendir(DIR, "$dir");
@files = grep(/\.*$/,readdir(DIR));
closedir(DIR);
foreach my $file(@files) {
my $sum = 0;
if (-d $file) {
print "Skipping Directory $file\n";
}
else {
$path = "$dir$file";
open my $path, "-|", "/usr/bin/tail", "-1000", "$path" or die "could not start tail on $path: $!";
my %ips;
while (my $line = <$path>) {
chomp $line;
if ($line =~ m/(?!0+\.0+\.0+\.0+$)(([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5]))/g) {
my $ip = $1;
$ips{$ip} = $ip;
}
}
}
foreach my $key (sort keys %ips) {
open ("files","$list");
while (my $sort = <files>) {
chomp $sort;
if ($key =~ $sort) {
open my $fh, '>>', 'banned.out';
print "Match Found we need to block it $key\n";
print $fh "$key:$timestamp\n";
close $fh;
}
}
}
}
任何可以提出的建议我都会感激不尽。
答案 0 :(得分:0)
完成任务:
将my %ips移到({em>上方)foreach my $file (@files)循环之外。
将foreach my $key ( sort keys %ips )移到({em>以下)foreach my $file (@files)循环之外。