Extract string from a file & write to a new file (Perl)

LuckyGuy · November 18, 2009, 6:03am

Hi,

This is the first time playing around with perl and need some help.

Assuming if i have a line of text that looks like this:

Date/Time=Nov 18 17:12:11;Device Name=192.168.1.1;Device IP=192.168.1.1;Device Class=IDS;Source IP=155.212.212.111;Source Name=UNKNOWN;Source Port=1679 (darcorp-lm);Destination IP=155.212.212.237;Destination Name=UNKNOWN;Destination Port=445 ();Message ID=SMB_Empty_Password_Failed:02;Message Text=Sep  2 17:34:23 %ISS-3-SMB_Empty_Password_Failed: 4018262^^2009-09-02 13:25:22.000^^SMB_Empty_Password_Failed^^(null)^^(null)^^3^^192.168.1.1^^155.212.212.111^^1679^^155.212.212.237^^netbios-ssn^^tcp^^Proventia G-Series^^(null)^^(null)^^1^^n^^445^^5^^27^^(null)^^Audit^^B^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null);

The delimiter above is semi-colon.

Need some help with a perl script to extract certain information from the line above and write the extracted info to a new file and the format of the new file should look like this:

-> from Message Text field
Summary !1000000000!: Sep  2 17:34:23 %ISS-3-SMB_Empty_Password_Failed: 4018262^^2009-09-02 13:25:22.000^^SMB_Empty_Password_Failed^^(null)^^(null)^^3^^192.168.1.1^^155.212.212.111^^1679^^155.212.212.237^^netbios-ssn^^tcp^^Proventia G-Series^^(null)^^(null)^^1^^n^^445^^5^^27^^(null)^^Audit^^B^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)^^(null)
 
-> from Source IP field
Asset ID !210000000!: 155.212.212.111
 
The following text are fixed:
Summary !1000000000!: 
Asset ID !210000000!:

Hope some kind soul out there can help with a perl script to do it.

Thank you in advance!

---------- Post updated at 07:03 PM ---------- Previous update was at 05:41 PM ----------

This is what i had created:

#!/usr/bin/perl -w
# read "org.log"
open (FILE, 'Text_OutPut.txt') or die "$!";
open (NEWFILE, '> remedysource.txt') or die "$!";
while (<FILE>) {
# replace txt with correct values
s/View Name=/ACTION: /;
s/Correlation Message ID=/Summary !1000000000!: /;
s/Correlation ID=/Notes !1000000151!: /;
s/Source IP=/Asset ID !210000000!: /;
s/Current Severity=/Priority !1000000164!: /;
@fields = split /;/, $_;
print NEWFILE "$fields[0]\n";
print NEWFILE "$fields[4]\n";
print NEWFILE "$fields[3]\n";
print NEWFILE "$fields[2]\n";
print NEWFILE "$fields[1]\n";
}
close (FILE);
close (NEWFILE);

It accomplishes what i want but can someone advise is there a better way of doing it?

Thx!

jsmithstl · November 18, 2009, 7:03am

Here's one way.

#!/usr/bin/perl

use strict;

my @a_out;
my @a_str;
my $str;

open INFILE, "<file_parse.in"
  or die "can't open file: $!";

while(<INFILE>)
{
   chomp($_);
   @a_str = split(';', $_);

   foreach $str (@a_str)
   {

      if ($str =~ m/Message Text/ )
      {
         $str =~ s/Message Text=/Summary !1000000000!: /;
         unshift (@a_out, "$str");
      }
      elsif ($str =~ m/Source IP/ )
      {
         $str =~ s/Source IP=/Asset ID !210000000!: /;
         unshift (@a_out, "$str");
      }

   }
}

close INFILE
  or die "can't close file: $!";

open OUTFILE, ">file_parse.out"
  or die "can't open file: $!";

foreach $str (@a_out)
{
   print (OUTFILE "$str\n");
}

close OUTFILE
  or die "can't close file: $!";

output

Summary !1000000000!: Sep 2 17:34:23 %ISS-3-SMB_Empty_Password_Failed: 4018262^^2009-09-02 13:25:22.000^^SMB_Empty_Password_Failed^^(null)^^(null)^^3^^192.168.1.1^^155.212.212.111^^1679^^155. 212.212.237^^netbios-ssn^^tcp^^Proventia G-Series^^(null)^^(null)^^1^^n^^445^^5^^27^^(null)^^Audit^^B^^(null)^^(null)^^(null)^^(null)^^(null)^^ (null)^^(null)^^(null)^^(null)^^(null)
Asset ID !210000000!: 155.212.212.111

gaya · November 18, 2009, 9:27am

removed my post

jsmithstl · November 18, 2009, 9:43am

Gaya,

If this is a new request for help, please remove your post, if possible, and open a new thread.