My log file looks as given below, its actually a huge file around 1 GB and these are some of the line:
[22/Mar/2011:12:23:48 +0000] conn=5368758 op=10628050 msgId=64 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=-1 msgId=-1 - fd=247 slot=247 LDAPS connection from 10.13.18.12:37645 to 10.18.6.45
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=-1 msgId=-1 - SSL 256-bit AES-256
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=0 msgId=1 - BIND dn="" method=128 version=3
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=1 msgId=2 - SRCH base="ou=people,dc=abc,dc=com" scope=1 filter="(&(objectClass=shadowAccount)(uid=ora))" attrs="uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag"
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=-1 msgId=-1 - fd=310 slot=310 LDAP connection from 10.11.3.34:58868 to 10.18.6.45
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=0 msgId=1 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedSALMechanisms"
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=0 msgId=1 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=1 msgId=2 - UNBIND
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=1 msgId=-1 - closing from 10.11.3.34:58868 - U1 - Connection closed by unbind client -
I need to find the line containg the string "LDAPS connection from" and find the IP its coming from.
For ex: From the 2nd line I want 10.13.18.12 and from the 9th line I want 10.11.3.34
Later, The I need to add up the total connections from each of these the IPs.
For eg:
10.13.18.12 - 20
10.11.3.34 - 40
I could do this in awk but it was utilizing a lot of CPU. So, I need to do this in perl. I am new to perl.
Any help would be high appreciated.