Need help with perl pattern matching

My log file looks as given below. It's actually a huge file, around 1 GB, and these are some of the lines:

[22/Mar/2011:12:23:48 +0000] conn=5368758 op=10628050 msgId=64 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=-1 msgId=-1 - fd=247 slot=247 LDAPS connection from 10.13.18.12:37645 to 10.18.6.45
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=-1 msgId=-1 - SSL 256-bit AES-256
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=0 msgId=1 - BIND dn="" method=128 version=3
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=1 msgId=2 - SRCH base="ou=people,dc=abc,dc=com" scope=1 filter="(&(objectClass=shadowAccount)(uid=ora))" attrs="uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire shadowFlag"
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=-1 msgId=-1 - fd=310 slot=310 LDAP connection from 10.11.3.34:58868 to 10.18.6.45
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=0 msgId=1 - SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedSALMechanisms"
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=0 msgId=1 - RESULT err=0 tag=101 nentries=1 etime=0
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=1 msgId=2 - UNBIND
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=1 msgId=-1 - closing from 10.11.3.34:58868 - U1 - Connection closed by unbind client -

I need to find the line containing the string "LDAPS connection from" and find the IP it's coming from.

For ex: From the 2nd line I want 10.13.18.12 and from the 9th line I want 10.11.3.34

Later, I need to add up the total connections from each of these IPs.

For eg:

10.13.18.12 - 20
10.11.3.34 - 40

I could do this in awk but it was utilizing a lot of CPU. So, I need to do this in perl. I am new to perl.

Any help would be highly appreciated.

perl -ne '(/LDAPS? connection from ([0-9.]+)/) && $x{$1}++; END{for(keys %x){print "$_ -> $x{$_}\n"}}' logfile

Can't guarantee if this will be quicker than awk though.
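The tally from the one-liner above, written out as a script; this is an added example, not code from any poster in the thread. It assumes the connection-open line format shown in the question, reports LDAP and LDAPS separately for each source IP, and matches the full line prefix so that text a client supplies in a search filter is not counted as a connection. The lines after `__DATA__` are constructed sample input.

```perl
#!/usr/bin/perl
# Added example (not from the thread): connections per source IP, split by LDAP/LDAPS.
use strict;
use warnings;

# Assumed line format, as in the question's log:
#   [ts] conn=N op=-1 msgId=-1 - fd=N slot=N LDAPS connection from IP:PORT to IP
# Matching the whole prefix means text a client puts in a filter is not counted.
my $open_re = qr/
    ^\[[^\]]+\] \s+ conn=\d+ \s+ op=-1 \s+ msgId=-1 \s+ - \s+
    fd=\d+ \s+ slot=\d+ \s+
    (LDAPS?) \s+ connection \s+ from \s+
    (\d{1,3}(?:\.\d{1,3}){3}) : \d+ \s+ to \s
/x;

sub count_connections {
    my ($fh) = @_;
    my %count;                          # $count{ip}{LDAP or LDAPS} = n
    while (my $line = <$fh>) {          # line by line, so a 1 GB file is never held in memory
        next if index($line, ' connection from ') < 0;   # cheap pre-filter before the regex
        $count{$2}{$1}++ if $line =~ $open_re;
    }
    return \%count;
}

# Read the log named on the command line, or the constructed sample below.
my $fh;
if (@ARGV) { open($fh, '<', $ARGV[0]) or die "Cannot open $ARGV[0]: $!\n" }
else       { $fh = \*DATA }
my $count = count_connections($fh);

my %total;
for my $ip (keys %$count) {
    $total{$ip} += $_ for values %{ $count->{$ip} };
}
for my $ip (sort { $total{$b} <=> $total{$a} or $a cmp $b } keys %total) {
    printf "%-15s total=%d ldaps=%d ldap=%d\n", $ip, $total{$ip},
        $count->{$ip}{LDAPS} || 0, $count->{$ip}{LDAP} || 0;
}

__DATA__
# Constructed sample lines in the format shown in the question
[22/Mar/2011:12:23:48 +0000] conn=7462122 op=-1 msgId=-1 - fd=247 slot=247 LDAPS connection from 10.13.18.12:37645 to 10.18.6.45
[22/Mar/2011:12:23:48 +0000] conn=7462123 op=-1 msgId=-1 - fd=310 slot=310 LDAP connection from 10.11.3.34:58868 to 10.18.6.45
[22/Mar/2011:12:23:49 +0000] conn=7462124 op=-1 msgId=-1 - fd=311 slot=311 LDAP connection from 10.11.3.34:58870 to 10.18.6.45
[22/Mar/2011:12:23:49 +0000] conn=7462124 op=0 msgId=1 - SRCH base="" scope=0 filter="(cn=LDAPS connection from 10.9.9.9:1 to x)" attrs="cn"
[22/Mar/2011:12:23:49 +0000] conn=7462125 op=-1 msgId=-1 - fd=312 slot=312 LDAPS connection from 10.11.3.34:58871 to 10.18.6.45
```

Run it with the log path as the only argument; with no argument it processes the embedded sample, where the SRCH line is skipped even though its filter contains the phrase.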

Try:

awk -F'.*LDAPS connection from |:' '$2~"[.]"{A[$2]++}END{for(i in A)print i" - "A[i]}' infile

What awk did you use that was slow?

The perl one works but the awk one gives me a syntax error.

Thanks a lot balajesuri....

What is your OS and version?