Extracting Sign In information from Log

Posted on 2009-02-08
Last Modified: 2012-05-06
I am looking to take this type of log input:



--------------------

02/06/2009 17:49:56 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 17:49:56 - - OpMsg User logged on: ;Kâtrinâ. 90.194.181.189 {IPCHHBG}
02/06/2009 17:49:56 {IPCHHBG} {ZEANHBPDOF} SignOn 90.194.181.189 "350211" "32Bit Windows" ";Kâtrinâ."
02/06/2009 17:50:08 - - OpMsg User logged off: ;Kâtrinâ. 90.194.181.189 {IPCHHBG}
02/06/2009 17:50:08 {IPCHHBG} {ZEANHBPDOF} SignOff 90.194.181.189 1 12 "logged off"
02/06/2009 17:50:08 {IPCHHBG} {ZEANHBPDOF} Stats 0
02/06/2009 20:14:55 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 20:14:55 - - OpMsg User logged on: Samanthaa 24.191.0.120 {BGEPFBG}
02/06/2009 20:14:55 {BGEPFBG} {ZFIHAOBBHB} SignOn 24.191.0.120 "350211" "32Bit Windows" "Samanthaa"
02/06/2009 20:14:56 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (86) to (87)
02/06/2009 20:14:57 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (87) to (88)
02/06/2009 20:14:59 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (88) to (91)
02/06/2009 20:15:12 {BGEPFBG} {ZFIHAOBBHB} SignOff 24.191.0.120 1 17 "logged off"
02/06/2009 20:15:12 {BGEPFBG} {ZFIHAOBBHB} Stats 0
02/06/2009 20:33:05 {PHHIABFFH} {PHHIABFFH} SignOff 38.101.159.30 1 0 "terminated due to comm error"
02/06/2009 20:33:05 {PHHIABFFH} {PHHIABFFH} Stats 0
02/06/2009 21:07:42 {PHHIABFFH} {PHHIABFFH} SignOff 38.101.159.30 1 0 "terminated due to comm error"
02/06/2009 21:07:42 {PHHIABFFH} {PHHIABFFH} Stats 0
02/06/2009 21:08:18 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 21:08:18 {BECMNPECF} {ZEOCDONNGB} SignOn 24.23.69.109 "350211" "32Bit Windows" "·: opteron"
02/06/2009 22:21:24 {BECMNPECF} {ZEOCDONNGB} SignOff 24.23.69.109 1 6 "logged off"


--------------------

And pull out the following information using PERL

Last 3 Logins:
Username: ;Kâtrinâ.            IP: 90.194.181.189            Time: 02/06/2009 5:49:56 P.M.       Duration: 12 secs
Username: Samanthaa            IP: 24.191.0.120            Time: 02/06/2009 8:14:55 P.M.      Duration: 17 secs
Username: ·: opteron      IP: 24.23.69.109                  Time: 02/06/2009 9:08:18 P.M.      Duration: 1 Hr 13 min 6 secs


----

I'll give partial credit if you can just figure out how to extract the name and duration in any format... the other parts are that important. Just the duration really
Question by:frothroo96
LVL 64

Expert Comment

by:Fernando Soto
ID: 23585356
Hi frothroo96;

I do not know PERL to give the syntax of the regex command, but I have tested this pattern on a couple of web site testers and it seems to work.

(\d{2}\/\d{2}\/\d{4}\s\d{2}:\d{2}:\d{2}).*?SignOn\s.*?(\d+\.\d+\.\d+\.\d+).*\x22([^\x22]+)\x22\n

Capture Group 1 returns the date and time.
Capture Group 2 returns the IP address
Capture Group 3 returns the User

Fernando
LVL 10

Accepted Solution

by:
oleber earned 1000 total points
ID: 23585384
Try
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local;
use integer;
use POSIX qw(strftime);
 
my %login;
while ( my $line = <> ) {
    chomp($line);
    if ( $line =~ m|^(\d+)/(\d+)/(\d+) (\d+):(\d+):(\d+) .* SignOn (\d+\.\d+\.\d+\.\d+).*\"(.*)\"$| ) {
        # Log dates are MM/DD/YYYY: $1 is the month, $2 the day of month.
        $login{$7} = [ timelocal( $6, $5, $4, $2, $1 - 1, $3 - 1900 ), $7, $8 ];
    } elsif ( $line =~ m|^(\d+)/(\d+)/(\d+) (\d+):(\d+):(\d+) .* SignOff (\d+\.\d+\.\d+\.\d+).*\"logged off\"$| ) {
        my $login = $login{$7};
        if ( defined $login ) {
            my $time          = timelocal( $6, $5, $4, $2, $1 - 1, $3 - 1900 );
            my $duration      = $time - $login->[0];
            my $duration_text = ( $duration % 60 ) . " secs";
            # "use integer" makes each /= an integer division.
            if ( $duration /= 60 ) {
                $duration_text = ( ( $duration % 60 ) . " min " ) . $duration_text;
                if ( $duration /= 60 ) {
                    $duration_text = ( ( $duration % 24 ) . " Hr " ) . $duration_text;
                    if ( $duration /= 24 ) {
                        $duration_text = ( $duration . " days " ) . $duration_text;
                    }
                }
            }

            # Print the login time in the same MM/DD/YYYY order as the log.
            my $date = strftime( '%m/%d/%Y %I:%M:%S %p', localtime( $login->[0] ) );
 
            print "Username: $login{$7}->[2]\tIP: $7\tTime: $date\tDuration: $duration_text\n";
            delete $login{$7};
        }
    } else {
 
    }
} ## end while ( my $line = <> )

LVL 85

Assisted Solution

by:ozo
ozo earned 1000 total points
ID: 23585587
use Time::Local;
use POSIX;
my(%i,@l,$mdyHMS,$i,$u);
while( <DATA> ){
    if( ($mdyHMS,$i,$u) = /^(\S+\s+\S+).*? SignOn (\S+).*"(.*)"/ ){
       my($m,$d,$y,$H,$M,$S)=split/\D+/,$mdyHMS;
       my $t=timegm($S,$M,$H,$d,$m-1,$y-1900);
       $i{$i}=[$t,$u];
    }elsif( ($mdyHMS,$i) = /^(\S+\s+\S+).*? SignOff (\S+).*"logged off"/ ){
        my($m,$d,$y,$H,$M,$S)=split/\D+/,$mdyHMS;
        my $t=timegm($S,$M,$H,$d,$m-1,$y-1900) - $i{$i}[0];
        my $D;
        if( $t >= 3600 ){ $D .= int($t/3600)." Hr "; $t %= 3600; }
        if( $t >= 60 ){ $D .= int($t/60)." min "; $t %= 60; }
        if( $t && !$D ){ $D .= "$t secs"; }
        push @l,sprintf("%10d\0%s\tIP: %s\tTime: %s\tDuration: %s\n",$i{$i}[0],$i{$i}[1],$i,strftime("%m/%d/%Y %r",gmtime $i{$i}[0]),$D);
    }
}
print "last ".@l." logins:\n";
s/.*?\0/Username: /,print for sort @l;
__DATA__
02/06/2009 17:49:56 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 17:49:56 - - OpMsg User logged on: ;Kâtrinâ. 90.194.181.189 {IPCHHBG}
02/06/2009 17:49:56 {IPCHHBG} {ZEANHBPDOF} SignOn 90.194.181.189 "350211" "32Bit Windows" ";Kâtrinâ."
02/06/2009 17:50:08 - - OpMsg User logged off: ;Kâtrinâ. 90.194.181.189 {IPCHHBG}
02/06/2009 17:50:08 {IPCHHBG} {ZEANHBPDOF} SignOff 90.194.181.189 1 12 "logged off"
02/06/2009 17:50:08 {IPCHHBG} {ZEANHBPDOF} Stats 0
02/06/2009 20:14:55 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 20:14:55 - - OpMsg User logged on: Samanthaa 24.191.0.120 {BGEPFBG}
02/06/2009 20:14:55 {BGEPFBG} {ZFIHAOBBHB} SignOn 24.191.0.120 "350211" "32Bit Windows" "Samanthaa"
02/06/2009 20:14:56 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (86) to (87)
02/06/2009 20:14:57 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (87) to (88)
02/06/2009 20:14:59 {BGEPFBG} {ZFIHAOBBHB} logon room change user: Samanthaa changed room from (88) to (91)
02/06/2009 20:15:12 {BGEPFBG} {ZFIHAOBBHB} SignOff 24.191.0.120 1 17 "logged off"
02/06/2009 20:15:12 {BGEPFBG} {ZFIHAOBBHB} Stats 0
02/06/2009 20:33:05 {PHHIABFFH} {PHHIABFFH} SignOff 38.101.159.30 1 0 "terminated due to comm error"
02/06/2009 20:33:05 {PHHIABFFH} {PHHIABFFH} Stats 0
02/06/2009 21:07:42 {PHHIABFFH} {PHHIABFFH} SignOff 38.101.159.30 1 0 "terminated due to comm error"
02/06/2009 21:07:42 {PHHIABFFH} {PHHIABFFH} Stats 0
02/06/2009 21:08:18 {PHHIABFFH} {PHHIABFFH} requirePUID Non-Java login
02/06/2009 21:08:18 {BECMNPECF} {ZEOCDONNGB} SignOn 24.23.69.109 "350211" "32Bit Windows" "·: opteron"
02/06/2009 22:21:24 {BECMNPECF} {ZEOCDONNGB} SignOff 24.23.69.109 1 6 "logged off"
LVL 85

Expert Comment

by:ozo
ID: 23585602
sorry, && !$D should have been || !$D
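
An added example, not part of the original thread and not code from any of the posters: both scripts above join SignOn to SignOff by IP address, which mixes up users who share one address. This Perl version joins on the first {token} field instead (an assumption about this log format) and also reports SignOff lines with no SignOn and sessions that never sign off; the 192.0.2.10 lines, their tokens and the names alice and bob are constructed.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Assumption: the first {TOKEN} on a SignOn/SignOff line identifies one
# connection, so it is a safer join key than the IP (shared behind NAT).
my ( %open, @sessions, @orphans );

sub epoch {    # dates are MM/DD/YYYY; the log carries no time zone
    my ( $m, $d, $y, $H, $M, $S ) = split /\D+/, shift;
    return timegm( $S, $M, $H, $d, $m - 1, $y );
}

sub fmt_duration {
    my ( $t, @parts ) = shift;
    push @parts, int( $t / 3600 ) . ' Hr' if $t >= 3600;
    push @parts, int( $t % 3600 / 60 ) . ' min' if $t >= 60;
    return join ' ', @parts, ( $t % 60 ) . ' secs';
}

while ( my $line = <DATA> ) {
    next unless $line =~ /^(\S+ \S+) \{(\w+)\} \{\w+\} (SignOn|SignOff) (\S+) (.*)/;
    my ( $ts, $sid, $event, $ip, $rest ) = ( $1, $2, $3, $4, $5 );
    my ($quoted) = $rest =~ /"([^"]*)"\s*$/;    # last quoted field on the line
    if ( $event eq 'SignOn' ) {
        $open{$sid} = { user => $quoted, ip => $ip, start => $ts };
    }
    elsif ( my $s = delete $open{$sid} ) {
        my $secs = epoch($ts) - epoch( $s->{start} );
        push @sessions, { %$s, reason => $quoted, secs => $secs };
    }
    else {    # SignOff with no SignOn on record for this token
        push @orphans, "$ts $ip ($quoted)";
    }
}

printf "Username: %s\tIP: %s\tTime: %s\tDuration: %s\n",
    @$_{qw(user ip start)}, fmt_duration( $_->{secs} ) for @sessions;
print "SignOff with no SignOn: $_\n" for @orphans;
print "Still signed on: $open{$_}{user} ($open{$_}{ip})\n" for sort keys %open;

# DATA: the 192.0.2.10 lines are constructed; the others are from the question.
__DATA__
02/06/2009 20:14:55 {BGEPFBG} {ZFIHAOBBHB} SignOn 24.191.0.120 "350211" "32Bit Windows" "Samanthaa"
02/06/2009 20:15:12 {BGEPFBG} {ZFIHAOBBHB} SignOff 24.191.0.120 1 17 "logged off"
02/06/2009 20:33:05 {PHHIABFFH} {PHHIABFFH} SignOff 38.101.159.30 1 0 "terminated due to comm error"
02/06/2009 21:00:00 {AAAAAAA} {ZAAAAAAAAA} SignOn 192.0.2.10 "350211" "32Bit Windows" "alice"
02/06/2009 21:00:30 {BBBBBBB} {ZBBBBBBBBB} SignOn 192.0.2.10 "350211" "32Bit Windows" "bob"
02/06/2009 22:13:06 {AAAAAAA} {ZAAAAAAAAA} SignOff 192.0.2.10 1 6 "logged off"
```

With the IP as the key, bob's SignOn would overwrite alice's entry and her SignOff would be reported under his name.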