我想更新我的脚本,以便为我提供在路由器和防火墙日志中看到的入站IP的目标IP和端口。
现在,我的脚本告诉我在路由器和防火墙上看到的IP:
...
%blocked_rtr_ips = ();
open RTLOG, $_ or die "fatal error. Could not open logfile $_.";
while (<RTLOG>)
{
...
#columns split per line into variables
#if condition met
$blocked_rtr_ips{$rtr_src_ip} = $rtr_src_ip;
...
}
close RTLOG;
%all_fw1_ips = ();
open FWLOG, $_ or die "fatal error. Could not open logfile $_.";
while (<FWLOG>)
{
...
#columns split per line into variables
#if condition met
$all_fw1_ips{$src_ip} = $src_ip;
...
}
close FWLOG;
#-------Compare IPs and store the IPs that are seen on both
@flagged_ips = ();
for ( keys %blocked_rtr_ips )
{
if ( exists $all_fw1_ips{$_} )
{
push @flagged_ips, $_;
}
}
print "@flagged_ips\n";
我需要的是能够存储和打印源IP试图访问的唯一目标IP和唯一目标端口。这是我需要帮助的,因为我一直坚持如何去做。
喜欢的东西 SRC_IP,DST_IP,DST_PORT1,DST_PORT2等