Re: [FW1] Firewall Log analyser

[Jim Littlefield <little@hks.com>]

On Wed, Sep 01, 1999 at 08:01:44AM -0400, Michael Sleeper wrote:
> 
> PERL works great!  
> 
> Unfortunately (as some of us are discovering), the output generated by
> fw export is not always consistent.  The order of the fields appears to
> change.  I haven't taken the time to find out what triggers the output
> change, but maybe others on this list may have a bit more insight on the
> matter.

Yes, we were burned by that "feature" too. I'd like to meet the moron who
thought that one up :(

There is a way around the unordered field problem. Just grab the header
line and use a level of indirection:

# skip down to the log entries
while (<>)
{
   chomp;
   last if /^num;date/;
}

# build the field lookup array
$i = 0;
foreach $f (split(/;/))
{
   $fields{$f} = $i++;
}

while (<>)
{
   chomp;
    @rec = split(/;/);

   next if $rec[$fields{"s_port"}] eq "ntp-udp";
.
.
.

-- 
Jim Littlefield                         "Factorials were someone's
                                         attempt to make math *look*
                                         exciting." - Steven Wright


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================