Help needed with PERL multiple search pattern matching!

My example file is as given below:

conn=1 uid=oracle
conn=2 uid=db2
conn=3 uid=oracle
conn=4 uid=hash
conn=5 uid=skher
conn=6 uid=oracle
conn=7 uid=mpalkar
conn=8 uid=anarke
conn=9 uid=oracle
conn=1 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.5.6 to 10.18.6.5
conn=2 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.10 to 10.18.6.5
conn=3 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.30.35.19 to 10.18.6.5
conn=4 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.40.35.11 to 10.18.6.5
conn=5 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.50.35.12 to 10.18.6.5
conn=6 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.35.14 to 10.18.6.5
conn=7 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.15 to 10.18.6.5
conn=8 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.16 to 10.18.6.5
conn=9 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.35.14 to 10.18.6.5

I need to write a script which will grep "uid=oracle" / "uid=db2" / "uid=hash" and find the IP address the connection is initiated from
using the connection ID "conn=x"

This is a sample file which I have kind of simplified and the actual file is in GBs.

I need to do this in perl now....

I would like an output something like this:

IP=w.x.y.z  Hits=x Pattern="uid=oracle"
IP=x.y.z.a  Hits=x Pattern="uid=oracle"
IP=w.x.y.z  Hits=x Pattern="uid=db2"
IP=g.x.y.z  Hits=x Pattern="uid=hash"

Hits basically means the number of times the IP from which the search with uid=x was initiated.

Any help would certainly be appreciated!

$
$ cat f38
conn=1 uid=oracle
conn=2 uid=db2
conn=3 uid=oracle
conn=4 uid=hash
conn=5 uid=skher
conn=6 uid=oracle
conn=7 uid=mpalkar
conn=8 uid=anarke
conn=9 uid=oracle
conn=1 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.5.6 to 10.18.6.5
conn=2 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.10 to 10.18.6.5
conn=3 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.30.35.19 to 10.18.6.5
conn=4 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.40.35.11 to 10.18.6.5
conn=5 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.50.35.12 to 10.18.6.5
conn=6 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.35.14 to 10.18.6.5
conn=7 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.15 to 10.18.6.5
conn=8 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.20.35.16 to 10.18.6.5
conn=9 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.35.14 to 10.18.6.5
$
$
$ perl -ne 'if (/^conn=(\d+)\s+(uid=(oracle|db2|hash))/) {
              $x{$1} = $2
            } elsif (/^conn=(\d+).*from\s+(.*?)\s+to.*$/ and defined $x{$1}) {
              $y{$2}->[0]++;
              $y{$2}->[1] = $x{$1};
            }
            END {
              while (($k, $v) = each %y) {
                printf ("IP=%12s  Hits=%d Pattern=\"%s\"\n", $k, @$v);
              }
            }
           ' f38
IP= 10.10.35.14  Hits=2 Pattern="uid=oracle"
IP= 10.40.35.11  Hits=1 Pattern="uid=hash"
IP= 10.20.35.10  Hits=1 Pattern="uid=db2"
IP= 10.30.35.19  Hits=1 Pattern="uid=oracle"
IP=   10.10.5.6  Hits=1 Pattern="uid=oracle"
$
$

tyler_durden

1 Like
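
The same conn-to-IP join written out as a commented script, as an added example that is not part of the original answer. It counts per (IP, uid) pair, so an address that binds as more than one of the three uids gets a row for each, and it accepts the uid and connection lines in either order. The script name and the sample after `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): hits per (source IP, uid) pair.
# Usage: perl ldap_hits.pl access.log   -- with no argument it reads the
# constructed sample after __DATA__. The script name is hypothetical.
use strict;
use warnings;

my @uids = qw(oracle db2 hash);            # the three uids named in the question
my $want = join '|', map { quotemeta($_) } @uids;

my %ip_of;     # conn id -> client IP
my %pending;   # conn id -> uids seen before that connection's IP was known
my %hits;      # "IP\tuid=name" -> count

my $in;
if (@ARGV) { open $in, '<', $ARGV[0] or die "$ARGV[0]: $!\n" }
else       { $in = \*DATA }

while (my $line = <$in>) {
    if ($line =~ /^conn=(\d+)\s.*\bconnection from (\d{1,3}(?:\.\d{1,3}){3}) to /) {
        my ($conn, $ip) = ($1, $2);
        $ip_of{$conn} = $ip;
        # Credit any uid lines that appeared before this connection line.
        $hits{"$ip\tuid=$_"}++ for @{ delete($pending{$conn}) || [] };
    }
    elsif ($line =~ /^conn=(\d+)\s.*?\buid=($want)\b/) {
        my ($conn, $uid) = ($1, $2);
        if (defined $ip_of{$conn}) { $hits{"$ip_of{$conn}\tuid=$uid"}++ }
        else                       { push @{ $pending{$conn} }, $uid }
    }
}

# Busiest pairs first; ties broken by key so the output order is stable.
for my $key (sort { $hits{$b} <=> $hits{$a} || $a cmp $b } keys %hits) {
    my ($ip, $pattern) = split /\t/, $key;
    printf "IP=%-15s Hits=%d Pattern=\"%s\"\n", $ip, $hits{$key}, $pattern;
}

__DATA__
conn=1 uid=oracle
conn=2 uid=db2
conn=3 uid=skher
conn=1 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.5.6 to 10.18.6.5
conn=2 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.5.6 to 10.18.6.5
conn=3 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.50.35.12 to 10.18.6.5
conn=4 op=-1 msgId=-1 - fd=104 slot=104 LDAPS connection from 10.10.5.6 to 10.18.6.5
conn=4 uid=oracle
```

The `%ip_of` map holds one entry per connection id for the whole run, which is the main memory cost on a multi-gigabyte log.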

Hi,

another way:

cat YOURFILE.log|sort -k1,2r|awk -F" " '{a=$2;getline;print $10" "a}'|sort -k1|uniq -c|awk -F" " '{print "IP="$2" Hits="$1" Pattern="$3}'

Hello tyler_durden,

I would request you to help me just a little on how this code works so that I can edit it for some other purpose.... Thanks a lot....