Filtering device logs into a database (Perl version)
The script filters the log file of a device, extracts the fields that are needed, and inserts them into a database. This is convenient to implement in Perl, and combined with crontab it becomes even more powerful.
Article source: http://cafeforensic.com/article/201610/306017.htm
One record from the file: Jun 4 05:08:46 194.168.0.8 61: %SYS-5-CONFIG_I: Configured from console by vty0 (194.168.0.444)
Regular expression: (\S+\s+\d+\s+\S+)\s+(\d+\.\d+\.\d+\.\d+)\s\S+:\s+%(\S+):\s+(.*)
Script source:
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use English qw(-no_match_vars);   # provides $EVAL_ERROR as a readable name for $@

my $log_path = "/var/log/sourcep.log";
my ($date, $ip, $type, $desc, $line);

# Rotate the live log: stop syslogd, move the file aside, recreate it, restart syslogd
`/etc/init.d/sysklogd stop`;
`mv /var/log/source.log /var/log/sourcep.log && touch /var/log/source.log`;
`/etc/init.d/sysklogd start`;

my $db  = "dbi:mysql:dbname=xxxx";
my $dbh = DBI->connect($db, "root", "xxxx", {'RaiseError'=>1,'AutoCommit'=>0}) or die "Can't connect to DB: " . DBI->errstr;
# Placeholders keep the log content out of the SQL text
my $sql = $dbh->prepare(q{INSERT INTO tbl_device(date,ip,type,descon) VALUES (?,?,?,?)});

if (open(my $log_fh, '<', $log_path)) {
    eval {
        while ($line = <$log_fh>) {
            # Insert only lines that match, so a malformed line never reuses the previous record's values
            if ($line =~ /(\S+\s+\d+\s+\S+)\s+(\d+\.\d+\.\d+\.\d+)\s\S+:\s+%(\S+):\s+(.*)/) {
                ($date, $ip, $type, $desc) = ($1, $2, $3, $4);
                $sql->execute($date, $ip, $type, $desc);
                print "$date\t$ip\t$type\t$desc\n";
            }
        } # end while
        $dbh->commit();
    }; # end eval
    close($log_fh);
} # end if
if ($EVAL_ERROR) {
    print "Transaction aborted: ", $EVAL_ERROR, "\n";
    $dbh->rollback();
} # end local if
$dbh->disconnect();
# Remove the processed copy of the log
`rm /var/log/sourcep.log`;
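
An added example, not part of the original article: a stand-alone version of the parsing step that applies the article's pattern, skips lines that do not match, rejects addresses with an octet above 255, and replaces control characters in the description before it is stored or printed. The `parse_record` name, the 255-character limit and all sample lines except the first are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same field layout as the article's pattern: date, source IP, type, description.
my $RECORD_RE = qr/^(\S+\s+\d+\s+\S+)\s+(\d+\.\d+\.\d+\.\d+)\s\S+:\s+%(\S+):\s+(.*)$/;
my $MAX_DESC  = 255;    # assumed width of the descon column

# Returns a hashref for a well-formed record, or undef so the caller skips the line.
sub parse_record {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;
    my ($date, $ip, $type, $desc) = $line =~ $RECORD_RE or return;
    # \d+ accepts any digit run, so check each octet separately.
    return if grep { $_ > 255 } split /\./, $ip;
    # Replace control characters (terminal escapes, stray CR) before storing or printing.
    $desc =~ s/[[:cntrl:]]/ /g;
    $desc = substr($desc, 0, $MAX_DESC);
    return { date => $date, ip => $ip, type => $type, desc => $desc };
}

# Constructed sample input; only the first line is the record quoted in the article.
my @lines = (
    "Jun 4 05:08:46 194.168.0.8 61: %SYS-5-CONFIG_I: Configured from console by vty0 (194.168.0.444)\n",
    "Jun 4 05:09:02 194.168.0.999 62: %LINK-3-UPDOWN: Interface Fa0/1, changed state to up\n",
    "last message repeated 3 times\n",
    "Jun 4 05:10:11 194.168.0.8 63: %SYS-5-CONFIG_I: Configured from console\e[2J by vty0\n",
);

my ($kept, $skipped) = (0, 0);
for my $line (@lines) {
    my $rec = parse_record($line);
    if (!$rec) { $skipped++; next; }
    $kept++;
    print join("\t", @{$rec}{qw(date ip type desc)}), "\n";
}
print "kept=$kept skipped=$skipped\n";
```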