erik
I am basically chopping up some netscreen logs and taking the "service"
aka protocol out of each log entry and I am attempting to look up any
unknown protocols in my /etc/services on my Suse box.
Now my array of services looks like this:
winframe udp/88 udp/7001 udp/389 udp/38293 udp/370 udp/3544 udp/3478
udp/2967 udp/1900 udp/1604 tcp/9000 tcp/88 tcp/8080 tcp/8006 tcp/8000
tcp/554 tcp/5050 tcp/4101 tcp/3268 tcp/3128 tcp/2967 tcp/2693 tcp/2442
tcp/1863 tcp/1755 tcp/1521 tcp/135 tcp/1237 tcp/1206 tcp/1202 tcp/1196
tcp/1191 tcp/1186 tcp/1183 tcp/1181 tcp/1177 tcp/1176 tcp/1174 tcp/1173
tcp/1172 tcp/1170 tcp/1169 tcp/1168 tcp/1136 tcp/1132 tcp/1111 tcp/1100
tcp/106 tcp/1055 tcp/1054 tcp/1052 tcp/1051 tcp/1050 tcp/1049 tcp/1044
tcp/1039 tcp/1026 tcp/1025 rpc(tcp) proto:41/1 pptp ldap icmp https
http ftp dns X-Windows VDO-Live-tcp NTP NETBIOS(SSN) NETBIOS(NS)
NETBIOS(DGM) DNS-(TCP) tcp/1176 NETBIOS(SSN)
The format of /etc/services is the opposite, it is 9000/tcp or
3544/udp.... (flip flopped)
I need to flip flop the proper elements in my array so that I can use
them in a grep.
I was thinking of something like
if ($_ eq (^tcp|^udp)){
$_ =~ $1
(I get confused here)
I am using parentheses above and trying to use $1 for what I matched to
paste it on the end of the $_.
Can someone point me in the right direction to turn, for example
tcp/1176 into 1176/tcp???
My head is spinning.
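One way to do the flip asked about above, as an added example that is not part of the original post: a capturing match on `tcp|udp` and the port swaps the two halves, and the result is looked up in a hash built from a services file instead of a grep. The `flip` and `load_services` helpers and the embedded sample services lines are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: a few entries in the style of the array in the post.
my @services = qw[winframe udp/3544 tcp/8080 tcp/1176 tcp/1521 rpc(tcp) proto:41/1 https];

# Constructed sample in /etc/services layout (name  port/proto  aliases  # comment).
# Pass a real file such as /etc/services as the first argument to use it instead.
my $sample = <<'END';
# name        port/proto   aliases
http-alt      8080/tcp     webcache   # constructed entry
teredo        3544/udp
ncube-lm      1521/tcp
END

# Build a lookup table keyed on "port/proto", e.g. "8080/tcp" => "http-alt".
sub load_services {
    my ($fh) = @_;
    my %by_key;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;                      # drop comments
        my ($name, $key) = split ' ', $line;   # first two whitespace-separated fields
        next unless defined $key && $key =~ m{^\d+/(?:tcp|udp)$};
        $by_key{$key} //= $name;               # keep the first name seen per key
    }
    return \%by_key;
}

# Turn "tcp/1176" into "1176/tcp"; return undef for named services and other forms.
sub flip {
    my ($entry) = @_;
    return $entry =~ m{^(tcp|udp)/(\d+)$} ? "$2/$1" : undef;
}

my $fh;
if (@ARGV) { open $fh, '<', $ARGV[0] or die "Cannot open $ARGV[0]: $!\n" }
else       { open $fh, '<', \$sample  or die "Cannot open sample: $!\n" }
my $known = load_services($fh);
close $fh;

for my $entry (@services) {
    my $key = flip($entry);
    if    (!defined $key)   { print "$entry: not proto/port, left as is\n" }
    elsif ($known->{$key})  { print "$entry -> $key = $known->{$key}\n" }
    else                    { print "$entry -> $key: not listed, check by hand\n" }
}
```

Anchoring the pattern with `^` and `$` keeps entries such as `proto:41/1` and `rpc(tcp)` from being rewritten, and ports that stay unlisted are the ones worth reviewing in the firewall logs.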