Perl 脚本:File::Tail 函数如何读取二进制(TCPPDUMP)文件?
任何人都可以给我一些关于这段代码的意见吗?
#!/usr/local/bin/perl
use File::Tail;
$file = File::Tail -> new("/var/log/snort/snort.log.1301090101");
while(defined($line=$file ->read))
{
print $line;
}
由于日志文件是二进制格式,所以我尝试修改这样的代码,
#!/usr/local/bin/perl
use File::Tail;
$file = File::Tail -> new("/var/log/snort/snort.log.1301090101");
open(my $LF, "-|", "/usr/local/bin/snort -r $file") or die "$!";
while(defined($line=$file ->read))
{
print $line;
}
该代码似乎有一些语法错误..不可能将管道和文件尾部功能结合起来? file::tail 函数不是已经包含 open() 方法了吗?
第二个问题是关于 $file = File::Tail -> new(<文件名>); snort.log.1301090101、snort.log.1301090102 和 snort.log.1301090102 在同一目录中,则不是'是否可以使用单个 File::Tail 函数来读取所有内容或目录内的文件?
anyone can give me some opinion about this code?
#!/usr/local/bin/perl
use File::Tail;
$file = File::Tail -> new("/var/log/snort/snort.log.1301090101");
while(defined($line=$file ->read))
{
print $line;
}
since the log file is binary format so i try modify code like this
#!/usr/local/bin/perl
use File::Tail;
$file = File::Tail -> new("/var/log/snort/snort.log.1301090101");
open(my $LF, "-|", "/usr/local/bin/snort -r $file") or die "$!";
while(defined($line=$file ->read))
{
print $line;
}
this code seem have some syntax error..isn't possible to combine pipe and file tail function? isn't file::tail function already include open() method?
2nd question is about the $file = File::Tail -> new(<Filename>);<Filename> seem must the single file and must point to the particular file name...
if i have 3 file: snort.log.1301090101, snort.log.1301090102 and snort.log.1301090102 in same directory, isn't possible using a single File::Tail function to read all of that or the file inside the directory?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
正如您在第一个问题中所解释的:您不能简单地直接读取这些文件。它们是二进制格式,而不是文本。您不能使用
File::Tail。您可以将读取这些日志的实际 snort 进程的输出通过管道传输到 perl,如所示。如果它不提供“尾部”类型选项,您就无法尾随它们。
有一个旧的 Perl 模块 Net::TcpDumpLog 可能会让你如果仍然有效,则直接读取数据,但也无法尾随日志。
跟踪它们的唯一方法是更改 snort 配置以输出 ASCII 日志,但您可能会遇到与数据包流保持同步的问题。
As explained in your first question: You can not simply read these files directly. They are in a binary format, not text. You can not use
File::Tail.You can pipe the output of the actual snort process that reads those logs to perl, as has been shown. If it doesn't offer a "tail" type option, you can't tail them.
There is an old perl module Net::TcpDumpLog that might let you read the data directly if it still works, but it can not tail the logs either.
The only way to tail them would be to change your snort config to output ASCII logs, but you may run into problems with it being able to keep up wit the packet stream.