perl脚本：使用元字符获取IP地址

发布于 2024-10-29 19:20:14 字数 2488 浏览 0 评论 0原文

我一直在研究一些从结果中获取 IP 地址的选项...但它似乎不起作用...为什么？

有人可以提供建议吗？我想将结果与规则文件的IP地址进行比较，找到并给用户一些警报；我应该怎么办？

#!/usr/local/bin/perl

use File::Tail;

chdir( "/var/log/snort");

foreach my $fol(glob "*.*.*.*")
{

        print "Opening $fol\n";
        chdir("/var/log/snort/$fol");
        foreach my $subfile(glob "*:*")
        {
                print "opening $subfile\n";
                push(@files,File::Tail->new(name=>"$subfile",debug=>$debug));
        }
        while (1)
        {
                ($nfound,$timeleft,@pending)= File::Tail::select(undef,undef,undef,$timeout,@files);
                unless ($nfound)
                {
                        print "Nothing to print \n";
                }
                else
                    foreach(@pending)
                        {
                                if(/((\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5} -> (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5})/)
                                                  #OR
                                if (/([.\d]+):\d -> ([.\d]+):\d/)
                               {
                                #print $_ -> read;
                                print $_ -> {"input"}. " (".localtime(time).") ".$2 -> read;
                               }
                        }
                }
        }

}

我想从此显示器获取 WAN 端口的 IP 地址...

Mar 30 01:49:57 2011) 03/30-01:49:50.607858 119.40.116.196:80 -> 192.168.242.133:34628
TCP:34628-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34869 IpLen:20 DgmLen:40
TCP:34629-80 (Wed Mar 30 01:49:57 2011) 03/30-01:49:51.309716 119.40.116.196:80 -> 192.168.242.133:34629
UDP:41415-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.220999 192.168.242.2:53 -> 192.168.242.133:41415
UDP:44705-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.427011 192.168.242.2:53 -> 192.168.242.133:44705
UDP:50539-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.213455 192.168.242.2:53 -> 192.168.242.133:50539
TCP:34628-80 (Wed Mar 30 01:49:57 2011) ***AP**F Seq: 0x2F3E700A  Ack: 0x2359814F  Win: 0xFAF0  TcpLen: 20
TCP:34629-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34871 IpLen:20 DgmLen:40
UDP:41415-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34859 IpLen:20 DgmLen:65
UDP:44705-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34861 IpLen:20 DgmLen:153
UDP:50539-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34857 IpLen:20 DgmLen:179

原文

I have been working out a few options to get an IP address from the result... but it seems not to be working...why?

Can anyone offer a suggestion? I would like to compare the result with the rule file's IP address, find, and give some alert to the user; what should I do?

#!/usr/local/bin/perl

use File::Tail;

chdir( "/var/log/snort");

foreach my $fol(glob "*.*.*.*")
{

        print "Opening $fol\n";
        chdir("/var/log/snort/$fol");
        foreach my $subfile(glob "*:*")
        {
                print "opening $subfile\n";
                push(@files,File::Tail->new(name=>"$subfile",debug=>$debug));
        }
        while (1)
        {
                ($nfound,$timeleft,@pending)= File::Tail::select(undef,undef,undef,$timeout,@files);
                unless ($nfound)
                {
                        print "Nothing to print \n";
                }
                else
                    foreach(@pending)
                        {
                                if(/((\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5} -> (\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):\d{1,5})/)
                                                  #OR
                                if (/([.\d]+):\d -> ([.\d]+):\d/)
                               {
                                #print $_ -> read;
                                print $_ -> {"input"}. " (".localtime(time).") ".$2 -> read;
                               }
                        }
                }
        }

}

I want to get the IP address of the WAN port from this display...

Mar 30 01:49:57 2011) 03/30-01:49:50.607858 119.40.116.196:80 -> 192.168.242.133:34628
TCP:34628-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34869 IpLen:20 DgmLen:40
TCP:34629-80 (Wed Mar 30 01:49:57 2011) 03/30-01:49:51.309716 119.40.116.196:80 -> 192.168.242.133:34629
UDP:41415-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.220999 192.168.242.2:53 -> 192.168.242.133:41415
UDP:44705-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.427011 192.168.242.2:53 -> 192.168.242.133:44705
UDP:50539-53 (Wed Mar 30 01:49:57 2011) 03/30-01:49:47.213455 192.168.242.2:53 -> 192.168.242.133:50539
TCP:34628-80 (Wed Mar 30 01:49:57 2011) ***AP**F Seq: 0x2F3E700A  Ack: 0x2359814F  Win: 0xFAF0  TcpLen: 20
TCP:34629-80 (Wed Mar 30 01:49:57 2011) TCP TTL:128 TOS:0x0 ID:34871 IpLen:20 DgmLen:40
UDP:41415-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34859 IpLen:20 DgmLen:65
UDP:44705-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34861 IpLen:20 DgmLen:153
UDP:50539-53 (Wed Mar 30 01:49:57 2011) UDP TTL:128 TOS:0x0 ID:34857 IpLen:20 DgmLen:179

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

最单纯的乌龟 2024-11-05 19:20:14

将 foreach 循环更改为：

foreach(@pending) {
    my line = $_->read;
    if ($line =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5} -> (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})/) {
        print $_->{"input"}. " (".localtime(time).") IP:$1 PORT:$2\n";
    }
}

Change the foreach loop as:

foreach(@pending) {
    my line = $_->read;
    if ($line =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5} -> (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5})/) {
        print $_->{"input"}. " (".localtime(time).") IP:$1 PORT:$2\n";
    }
}

回复收藏 0 原文

~没有更多了~