Solved

search script request

Posted on 2009-05-13
28
300 Views
Last Modified: 2012-05-06
Hello,

I am in need of a script that will take an input file named sark.com.txt which contains this type of info:

ao,300,IN,CNAME,www.sark.com.,,,
bd-integ4-sarkprime,IN,NS,gss-t2i.is.sark.com.,,,,
sarkhub,IN,MX,5,sarkhub1,,,
bpm,IN,NS,gss-t2p.is.sark.com.,,,,
bpmqa,IN,NS,gss-t2i.is.sark.com.,,,,

(BTW..The format above will not change.)

Then I want it to search inside 3 files called
exportOBJ-sark.txt
(example of contents)
10.0.234.254,cli2821cncx-stmin-00-01,,,is.sark.com,Server,"",,,,,-1,0,,,-1,,3,,
10.0.237.254,cli2821cncx-tgsp-00-01,,,is.sark.com,Server,"",,,,,-1,0,,,-1,,3,,

ResourceRecText-ALL.txt
(example of contents)
outputRR-sark.com.txt:ResourceRecText=whdgss1infz-qapri1.is.sark.com.
outputRR-sark.com.txt:ResourceRecText=n3mgss1infz-qasec1.is.sark.com.

exportdnsrr-report.txt
(example of contents)
srsservicing.net,sarkprivate.srsservicing.net,IN,A,-1,100.168.67.190,,,0,0,"",""
srsservicing.net,sarkmanagedcontrolprivate.srsservicing.net,IN,A,-1,100.168.67.189,,,0,0,"",""


For any hits meaning matching names or any name match that is found in these 3 files above to report on it.

The overall goal is to see if the names from sark.com.txt are found anywhere else in these 3 files.

Thanks
0
Comment
Question by:richsark
  • 17
  • 5
  • 2
  • +1
28 Comments
 
LVL 16

Expert Comment

by:Bryan Butler
ID: 24375241
Something like this?

for each line in sark.com.txt
    parse line to get "names" (need better definition of what exactly is a "name")
    for each name found in the line
        search through the 3 files and if any lines have the "name", output the filename and line
0
 
LVL 1

Author Comment

by:richsark
ID: 24375315
Hi,

A name would be categorized as bd-integ4-sarkprime and or gss-t2i.is.sark.com. Another example is:
sarkhub and sarkhub1 which are taken from the sark.com.txt file

ao,300,IN,CNAME,www.sark.com.,,,
bd-integ4-sarkprime,IN,NS,gss-t2i.is.sark.com.,,,,
sarkhub,IN,MX,5,sarkhub1,,,
bpm,IN,NS,gss-t2p.is.sark.com.,,,,
bpmqa,IN,NS,gss-t2i.is.sark.com.,,,,

Does this help?
0
 
LVL 16

Expert Comment

by:Bryan Butler
ID: 24375661
Seems like it would be hard to come up with a rule to determine if a particular parsed token is a "name" or not (I'm assuming tokens are comma separated).  I guess you could just check every token, but then things like "IN" would show up in your examples above.  Is there any rules to determine a "name"?  Or is there rules to determine what's not a name?  If you can work this out, then what I pseudocoded should work.  I can crank up the old perl brain cells and give you some code if you want, but the "name" thing needs to be worked out first.
0
 
LVL 1

Author Comment

by:richsark
ID: 24375767
ok, lets do it like this:

for this example:
bd-integ4-sarkprime,IN,NS,gss-t2i.is.sark.com.,,,,

from that we use:

bd-integ4-sarkprime
gss-t2i.is.sark.com

for this:
sarkhub,IN,MX,5,sarkhub1,,,

lets use:
sarkhub
sarkhub1

you follow me?


0
 
LVL 1

Expert Comment

by:berseken
ID: 24376166
Something like this? :)

======================

#!/usr/bin/perl

my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");

open (FL, "sark.com.txt");
my %search_hash = ();
while (my $line = <FL>) {
  my @parts = split(/,/,$line);
  $search_hash{$parts[0]} = 1;
  $search_hash{$parts[4]} = 1;
}
close(FL);

foreach my $file (@files_to_search) {
  open (FL, $file);
  while (FL) {
     foreach my $key (keys %search_hash) {
       if ($_ =~ /$key/) {
          print $_;
       }
     }
  }
  close(FL);
}
0
 
LVL 1

Author Comment

by:richsark
ID: 24376178
HI,

Let me give it a shot
0
 
LVL 1

Author Comment

by:richsark
ID: 24376337
HI, got this message

Use of uninitialized value $_ in pattern match (m//) at ./compare.pl line 18.
0
 
LVL 1

Expert Comment

by:berseken
ID: 24377413
ok.. try this:

#!/usr/bin/perl

my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");

open (FL, "sark.com.txt");
my %search_hash = ();
while (my $line = <FL>) {
  my @parts = split(/,/,$line);
  $search_hash{$parts[0]} = 1;
  $search_hash{$parts[4]} = 1;
}
close(FL);

foreach my $file (@files_to_search) {
  open (FL, $file);
  while (my $line = <FL>) {
     foreach my $key (keys %search_hash) {
       if ($line =~ /$key/) {
          print $line;
       }
     }
  }
  close(FL);
}
0
 
LVL 1

Author Comment

by:richsark
ID: 24377675
I tried the above, now I get

$ ./compare.pl
./compare.pl: line 1: $'\r': command not found
./compare.pl: line 3: $'\r': command not found
./compare.pl: line 4: syntax error near unexpected token `('
'/compare.pl: line 4: `my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");


0
 
LVL 1

Author Comment

by:richsark
ID: 24377743
My Mistake,

It worked, but I get tons of responses like below: Need to know why there are so many matches??


10.0.234.254,cli2821cncx-stmin-00-01,,,is.sark.com,Server,"",,,,,-1,0,,,-1,,3,,
10.0.234.254,cli2821cncx-stmin-00-01,,,is.sark.com,Server,"",,,,,-1,0,,,-1,,3,,
10.0.237.254,cli2821cncx-tgsp-00-01,,,is.sark.com,Server,"",,,,,-1,0,,,-1,,3,,
outputRR-sark.com.txt:ResourceRecText=whdgss1infz-qapri1.is.sark.com.
outputRR-sark.com.txt:ResourceRecText=n3mgss1infz-qasec1.is.sark.com.
srstservicing.net,sarkprivate.srsservicing.net,IN,A,-1,192.168.67.190,,,0,0,"",""
srstservicing.net,sarkprivate.srsservicing.net,IN,A,-1,192.168.67.190,,,0,0,"",""
0
 
LVL 1

Author Comment

by:richsark
ID: 24380147
HI, I did some trouble shooting, I had the input file with just one entry, Then I ran the above code, it still found tons of unrelated  names.  I think its looking for to many wild cards.

Perhaps we can step through the code to isolate why its finding so many names that do not even match.

Thanks !
0
 
LVL 1

Expert Comment

by:berseken
ID: 24380158
can't tell based on your output.. probably one of the search strings in the sark.com.txt file is really generic and matches a bunch of lines in the search files.

for example, each line in your output has 'sark' in it. So, if one of your search strings is 'sark' then it will match all these lines.
0
 
LVL 1

Author Comment

by:richsark
ID: 24380184
Hi, your right, If my sark.com.txt has only this line:

bd-integ4-sarkprime,IN,NS,gss-t2i.is.sark.com.,,,,

from that we use:

bd-integ4-sarkprime
and
gss-t2i.is.sark.com

The script should then look for bd-integ4-sarkprime and gss-t2i.is.sark.com in the 3 files (exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt)

for any matches to bd-integ4-sarkprime and gss-t2i.is.sark.com

Is that what its doing?

if not, can we make it so?

Thanks
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Author Comment

by:richsark
ID: 24383848
Hi,

Any follow ups?
0
 
LVL 1

Expert Comment

by:berseken
ID: 24384936
ok. so it almost does that.  

  $search_hash{$parts[4]} = 1;
should be:
  $search_hash{$parts[3]} = 1;

#!/usr/bin/perl

my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");

open (FL, "sark.com.txt");
my %search_hash = ();
while (my $line = <FL>) {
  my @parts = split(/,/,$line);
  $search_hash{$parts[0]} = 1;
  $search_hash{$parts[3]} = 1;
}
close(FL);

foreach my $file (@files_to_search) {
  open (FL, $file);
  while (FL) {
     foreach my $key (keys %search_hash) {
       if ($_ =~ /$key/) {
          print $_;
       }
     }
  }
  close(FL);
}
0
 
LVL 1

Author Comment

by:richsark
ID: 24385412
HI, Thanks for the update,

I now get this:

$ ./compare.pl
Use of uninitialized value $_ in pattern match (m//) at ./compare.pl line 20.
0
 
LVL 1

Author Comment

by:richsark
ID: 24394323
Hi,

Just following up
0
 
LVL 1

Author Comment

by:richsark
ID: 24404184
Hello, Anyone want to help a brotha' out?

I am in need of an expert
0
 
LVL 1

Expert Comment

by:berseken
ID: 24404267
#!/usr/bin/perl

my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");

open (FL, "sark.com.txt");
my %search_hash = ();
while (my $line = <FL>) {
  my @parts = split(/,/,$line);
  $search_hash{$parts[0]} = 1;
  $search_hash{$parts[3]} = 1;
}
close(FL);

foreach my $file (@files_to_search) {
  open (FL, $file);
  while (my $line = <FL>) {
     foreach my $key (keys %search_hash) {
       if ($line =~ /$key/) {
          print $line;
       }
     }
  }
  close(FL);
}
0
 
LVL 1

Author Comment

by:richsark
ID: 24416192
Hi,
Thanks will try it in a few. I have been ill
Thanks
 
0
 
LVL 1

Author Comment

by:richsark
ID: 24420721
HI, I am not sure whats going on...

When I run it, I get tons of scrolling lines, and no matching, reporting on nothing.

any thoughts? or advisement or  an alternative way?


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24449871
egrep '(bd-integ4-sarkprime|gss-t2i\.is\.sark\.com|sarkhub|sarkhub1)' exportOBJ-sark.txt ResourceRecText-ALL.txt exportdnsrr-report.txt

KISS - keep it simple stupid
0
 
LVL 1

Author Comment

by:richsark
ID: 24450295
Hello,

Thanks for the update, however, your example means that I have to run them one at a time. I need to make it automatic.

Thanks
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 24451084
> .. make it automatic.
whatever this means, but how about simply stuffing that command into a crontab?
0
 
LVL 1

Author Comment

by:richsark
ID: 24451104
HI :)

I meant to use this script to do the job but to fix it first.



#!/usr/bin/perl
 

my @files_to_search = ("exportOBJ-sark.txt","ResourceRecText-ALL.txt","exportdnsrr-report.txt");
 

open (FL, "sark.com.txt");

my %search_hash = ();

while (my $line = <FL>) {

  my @parts = split(/,/,$line);

  $search_hash{$parts[0]} = 1;

  $search_hash{$parts[3]} = 1;

}

close(FL);
 

foreach my $file (@files_to_search) {

  open (FL, $file);

  while (my $line = <FL>) {

     foreach my $key (keys %search_hash) {

       if ($line =~ /$key/) {

          print $line;

       }

     }

  }

  close(FL);

}

Open in new window

0
 
LVL 1

Accepted Solution

by:
richsark earned 0 total points
ID: 24631964
Hello,

Just following up with the above script to make it work per my requirement on the top of the thread.

Thanks in advance !
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Recently, an awarded photographer, Selina De Maeyer (http://www.selinademaeyer.com/), completed a photo shoot of a beautiful event (http://www.sintjacobantwerpen.be/verslag-en-fotoreportage-van-de-sacramentsprocessie-door-antwerpen#thumbnails) in An…
This is about my first experience with programming Arduino.
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
The viewer will learn how to count occurrences of each item in an array.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now