Using Perl

Time: 2016-04-23 16:55:23

Tags: perl file logging printing

This is the content of the log file I have:

2016-04-22 14:19:44+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 185.103.252.14:47122 (172.17.0.2:2222) [session: 799f0f37]
2016-04-22 14:19:45+0000 [SSHService ssh-userauth on HoneyPotTransport,15,185.103.252.14] login attempt [admin/1234] succeeded
2016-04-22 14:19:51+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 185.103.252.14:43500 (172.17.0.2:2222) [session: 687010b3]
2016-04-22 14:19:52+0000 [SSHService ssh-userauth on HoneyPotTransport,16,185.103.252.14] login attempt [admin/12345] failed
2016-04-22 14:55:45+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 203.160.130.217:60302 (172.17.0.2:2222) [session: d3f90a34]
2016-04-22 14:55:45+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 203.160.130.217:60304 (172.17.0.2:2222) [session: 636c7144]
2016-04-22 14:55:45+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 203.160.130.217:60303 (172.17.0.2:2222) [session: d5956265]
2016-04-22 14:56:01+0000 [SSHService ssh-userauth on HoneyPotTransport,17,203.160.130.217] login attempt [root/password] succeeded
2016-04-22 14:56:01+0000 [SSHService ssh-userauth on HoneyPotTransport,18,203.160.130.217] login attempt [root/123456] succeeded
2016-04-22 14:56:02+0000 [SSHService ssh-userauth on HoneyPotTransport,19,203.160.130.217] login attempt [root/123456] succeeded

Using a Perl script, when there is a line with "New connection", I want to output the source IP and source port. This is my script so far:

sub cowrieExtractor(){

        open(FILE2, $cowrie) or die "Can't open '$cowrie': $!";
       #        print FILE2 "SourceIP,SourcePort\n";

        open(LOG2, $path2) or die "Can't open '$path2': $!";
        #while(my $lines = <LOG2>){

        #my @x = split /[\s:()]+/,$lines;
        #print FILE2 join "\n", @x;

        #my ($ip, $port) = (split /[\s:()]+/,$lines)[9,10];

        #print FILE2 join ",",($ip, $port);
        #print FILE2 "\n";

        #we need to out the Source IP, Source Port from New Connection & user/pass from login attempt #use pattern matching if

        #}
        #To output user and password of login attempt, set $ip variable to the contents of array at that x position of new
        #connection to match the ip of the login attempt
        $ip = "";
        $port = "";

        while(my $lines = <LOG2>){

                if($lines =~ /New connection/){

                ($ip, $port) = (split /[\[\]\s:()]+/, $lines)[7,8];

                }
                #elsif($lines =~ /login attempt/){#and the ip of the new connection

                #my($usr, $pass, $status) = (split /[\s:\[\]\/]+/, $lines)[,-1]

                #}

        print FILE2 join ",",($ip, $port);
        print FILE2 "\n";

        }



}

This is the output in the csv file:

185.103.252.14,47122
185.103.252.14,47122
185.103.252.14,43500
185.103.252.14,43500
203.160.130.217,60302
203.160.130.217,60304
203.160.130.217,60303
203.160.130.217,60303
203.160.130.217,60303
203.160.130.217,60303

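I have some kind of logic or syntax that is incorrect. Thanks for your help.

1 Answer:

Answer 0: (score: -1)

As @sigmalha correctly identified, the print part is misplaced.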
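
One way to apply the point the answer makes, as an added example that is not part of the original answer: a row is emitted only inside the branch that matched, and login attempts take the source IP from their own line instead of from the last connection seen. The names `parse_cowrie` and `csv_field` and the last sample line are assumptions made for this example.

```perl
use strict;
use warnings;

# Quote a CSV field: usernames and passwords are attacker-supplied and
# may contain commas or double quotes.
sub csv_field {
    my ($v) = @_;
    $v =~ s/"/""/g;
    return qq{"$v"};
}

# Returns two array refs: "ip,port" rows and "ip,user,password,status" rows.
sub parse_cowrie {
    my ($fh) = @_;
    my (@conns, @logins);
    while (my $line = <$fh>) {
        $line =~ s/\s+$//;
        # Push the row inside the branch, so other lines never repeat stale values.
        if (my ($ip, $port) = $line =~ /\] New connection: ([\d.]+):(\d+) \(/) {
            push @conns, join(',', $ip, $port);
            next;
        }
        # In the sample log, login lines carry the source IP in their own prefix.
        if (my ($ip, $user, $pass, $status) = $line =~
            /HoneyPotTransport,\d+,([\d.]+)\] login attempt \[([^\/]*)\/(.*)\] (succeeded|failed)$/) {
            push @logins, join(',', $ip, csv_field($user), csv_field($pass), $status);
        }
    }
    return (\@conns, \@logins);
}

# Sample input: three lines from the question's log, plus one constructed
# line (192.0.2.10) whose password contains a comma and a quote.
my $sample = <<'LOG';
2016-04-22 14:19:44+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 185.103.252.14:47122 (172.17.0.2:2222) [session: 799f0f37]
2016-04-22 14:19:45+0000 [SSHService ssh-userauth on HoneyPotTransport,15,185.103.252.14] login attempt [admin/1234] succeeded
2016-04-22 14:55:45+0000 [cowrie.ssh.transport.HoneyPotSSHFactory] New connection: 203.160.130.217:60302 (172.17.0.2:2222) [session: d3f90a34]
2016-04-22 15:00:00+0000 [SSHService ssh-userauth on HoneyPotTransport,20,192.0.2.10] login attempt [root/pa,ss"1] failed
LOG

open(my $fh, '<', \$sample) or die "Can't read sample: $!";
my ($conns, $logins) = parse_cowrie($fh);
close $fh;

print "SourceIP,SourcePort\n";
print "$_\n" for @$conns;
print "SourceIP,User,Password,Status\n";
print "$_\n" for @$logins;
```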