perl脚本：使用metacharater获取IP地址

Question

我一直在研究从结果中获取IP地址的一些选项......但似乎没有工作......为什么？

有人可以提出建议吗？我想将结果与规则文件的IP地址进行比较，查找并向用户发出一些警告;我该怎么办？

#!/usr/local/bin/perl

use File::Tail;

chdir( "/var/log/snort");

foreach my $fol(glob "*.*.*.*")
{

        print "Opening $fol\n";
        chdir("/var/log/snort/$fol");
        foreach my $subfile(glob "*:*")
        {
                print "opening $subfile\n";
                push(@files,File::Tail->new(name=>"$subfile",debug=>$debug));
        }
        while (1)
        {
                ($nfound,$timeleft,@pending)= File::Tail::select(undef,undef,undef,$timeout,@files);
                unless ($nfound)
                {
                        print "Nothing to print \n";
                }
                else
                    foreach(@pending)
                        {
                                if(/((\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5} -> (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5})/)
                                                  #OR
                                if (/([.\d]+):\d -> ([.\d]+):\d/)
                               {
                                #print $_ -> read;
                                print $_ -> {"input"}. " (".localtime(time).") ".$2 -> read;
                               }
                        }
                }
        }

}

我想从此显示屏获取WAN端口的IP地址......

Mar 30 01:49:57 2011) 03/30-01:49:50.607858 119.40.116.196:80 -> 192.168.242.133:34628
TCP:34628-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34869 IpLen:20 DgmLen:40
TCP:34629-80 (Wed Mar 30 01:49:57 2011) 03/30-01:49:51.309716 119.40.116.196:80 -> 192.168.242.133:34629
UDP:41415-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.220999 192.168.242.2:53 -> 192.168.242.133:41415
UDP:44705-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.427011 192.168.242.2:53 -> 192.168.242.133:44705
UDP:50539-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.213455 192.168.242.2:53 -> 192.168.242.133:50539
TCP:34628-80 (Wed Mar 30 01:49:57 2011) ***AP**F Seq: 0x2F3E700A  Ack: 0x2359814F  Win: 0xFAF0  TcpLen: 20
TCP:34629-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34871 IpLen:20 DgmLen:40
UDP:41415-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34859 IpLen:20 DgmLen:65
UDP:44705-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34861 IpLen:20 DgmLen:153
UDP:50539-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34857 IpLen:20 DgmLen:179

Answer 1

将foreach循环更改为：

foreach(@pending) {
    my line = $_->read;
    if ($line =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5} -> (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})/) {
        print $_->{"input"}. " (".localtime(time).") IP:$1 PORT:$2\n";
    }
}