Solved

Cherry picking Log File entries

Posted on 2003-10-30
5
191 Views
Last Modified: 2010-03-04
Hi, to begin this is not homework.

I am attempting to delve into a logfiles whose formats are as follows..

xx.xx.153.22 - - [23/Oct/2003:05:42:50 -0700] "GET /img_/misc/ekbh.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MSN 8.0; MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)" 0
xx.xx.210.61 - - [23/Oct/2003:05:43:40 -0700] "GET /img_/misc/okil.gif HTTP/1.0" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 0

My wish is to pull from the logs the date, asset name (ekbh.gif), and the number of times that this asset has been called on that day. In my previous efforts at Perl I've been successful in getting browser info and which OS was used but this has stumped me. Can anyone help?

Thanks.

0
Comment
Question by:roodawg
  • 4
5 Comments
 
LVL 28

Accepted Solution

by:
FishMonger earned 125 total points
ID: 9654633
I used two regexes to extract the date and file name, but it can also be done with a single (more complex) regex.

#!/usr/bin/perl -w

use Data::Dumper;

while (<DATA>) { # log file passed to the script via command line
   $date = $1 if (/\[([^:]+)/);
   $asset_name = $1 if (/([^\/]+)(?= HTTP)/);
   $assets{$date}{$asset_name}++;
}

print Dumper %assets;  # this was used as a debugging statement

for $key (keys %assets) {
   print "$key: ";
   for $value (keys %{$assets{$key}}) {
      print "$value=$assets{$key}{$value}\n";
   }
}


__DATA__
xx.xx.153.22 - - [23/Oct/2003:05:42:50 -0700] "GET /img_/misc/ekbh.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MSN 8.0;MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)" 0
xx.xx.210.61 - - [24/Oct/2003:05:43:40 -0700] "GET /img_/misc/okil.gif HTTP/1.0" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 0
xx.xx.153.22 - - [23/Oct/2003:05:42:50 -0700] "GET /img_/misc/ekbh.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MSN 8.0;MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)" 0
xx.xx.210.61 - - [24/Oct/2003:05:43:40 -0700] "GET /img_/misc/okil.gif HTTP/1.0" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 0
xx.xx.153.22 - - [23/Oct/2003:05:42:50 -0700] "GET /img_/misc/ekbh.gif HTTP/1.1" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; MSN 8.0;MSN 8.5; MSNbMSNI; MSNmen-us; MSNcIA)" 0
xx.xx.210.61 - - [24/Oct/2003:05:43:40 -0700] "GET /img_/misc/okil.gif HTTP/1.0" 304 - "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" 0
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 9654637
Here is the output from that script.  (the lines prior to the last 2 are from the debugging statement)

$VAR1 = '24/Oct/2003';
$VAR2 = {
          'okil.gif' => 3
        };
$VAR3 = '23/Oct/2003';
$VAR4 = {
          'ekbh.gif' => 3
        };
24/Oct/2003: okil.gif=3
23/Oct/2003: ekbh.gif=3
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 9654651
I should have clarified one of those lines.

while (<DATA>) { # log file passed to the script via the __DATA__ section at the end of the script

while (<>) { # log file passed to the script via command line
0
 

Author Comment

by:roodawg
ID: 9655570
FM, thanks. This is a thing of beauty.

I should have mentioned that the logfiles are in the format of appserver.log.YYYY-MM-DD and reside in directories called appserv01, appserv02, appserv03, etc. My need is to have this script delve into each of the appservers (excluding any of the webserver directories). Oh and let's not for get formatting to a CSV file. As stated before I'm pretty new to all this and have done this in the past usint perl's opendir() and readdir() statements. I don't need code but by your experience is this the way to go?

Thanks
0
 
LVL 28

Expert Comment

by:FishMonger
ID: 9655796
I don't have enough info to say if your approach is the best method but it sounds fine.  One thing you may want to look at using is the File::Find module.

http://search.cpan.org/~jhi/perl-5.8.1/lib/File/Find.pm
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now