awk to ruby 1.9

[Panagiotis Atmatzidis]

Hello,

I'm a total newbe. I'm trying to figure out how to grab a specific Xth =
character from a .log and put it into an array.

So far, I've got to this code snippet:

------------
# encoding: utf-8
class ReadIPs
def initialize
@read_ips =3D []
end

def get_ips(filename)
ips =3D [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =3D~ /Ban/
end
end
end

ipadds =3D ReadIPs.new
a =3D ipadds.get_ips("fail2ban.log")
--------------


The output though parses lines the following:=20

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban =
203.169.139.171


Now, I'd like to isolate the IP and put it into an Array.

I would like to use the output from the cli: "$ grep Ban =
fail2ban.log|awk -F "Ban" '{print $2}'"

60.12.200.xx
193.193.221.xx
85.72.xx.xx
124.207.xx.xx



regards

Panagiotis (atmosx) Atmatzidis

email: (e-mail address removed)
URL: http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4=20
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4

 

[David Masover]

Hello,

I'm a total newbe. I'm trying to figure out how to grab a specific Xth
character from a .log and put it into an array.

So far, I've got to this code snippet:

------------
# encoding: utf-8
class ReadIPs
def initialize
@read_ips = []
end

def get_ips(filename)
ips = [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =~ /Ban/
end
end
end

ipadds = ReadIPs.new
a = ipadds.get_ips("fail2ban.log")
--------------


The output though parses lines the following:

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
203.169.139.171


Now, I'd like to isolate the IP and put it into an Array.

It looks as though you've gotten that started...

def initialize
@read_ips = []
end

But you never seem to use this array.

def get_ips(filename)
ips = [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =~ /Ban/
end
end

You never seem to use this array, either. You could do something like this:

def get_ips(filename)
File.open filename do |file|
file.each_line.select{|line| line =~ /Ban/}
end
end

That will at least return an array of lines containing Ban. But you already
know what each line looks like. Here's another way, that looks kind of like
what you started:

def get_ips(filename)
ips = []
File.open filename do |file|
file.each_line do |line|
if line =~ /Ban\s+(\S+)$/
ips << $1.chomp
end
end
end
ips
end

I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk
-F "Ban" '{print $2}'"

You could probably figure out a way to do this in Ruby, and it probably
wouldn't be too much worse than the awk version, but if you really want to do
it that way, try backticks. If this is the output you're expecting:

60.12.200.xx
193.193.221.xx
85.72.xx.xx
124.207.xx.xx

you could probably get away with:

ips = `grep Ban fail2ban.log | awk -F "BAN" '{print $2}'`.each_line.to_a

By the way, all of this is giving you ips as strings. If you're wanting to
actually manipulate the ips at all, I'd suggest looking at IPAddr. (You
probably don't, but just in case...)

 

[Panagiotis Atmatzidis]

Hello,
=20
I'm a total newbe. I'm trying to figure out how to grab a specific = Xth
character from a .log and put it into an array.
=20
So far, I've got to this code snippet:
=20
------------
# encoding: utf-8
class ReadIPs
def initialize
@read_ips =3D []
end
=20
def get_ips(filename)
ips =3D [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =3D~ /Ban/
end
end
end
=20
ipadds =3D ReadIPs.new
a =3D ipadds.get_ips("fail2ban.log")
--------------
=20
=20
The output though parses lines the following:
=20
2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
203.169.139.171
=20
=20
Now, I'd like to isolate the IP and put it into an Array.

=20
It looks as though you've gotten that started...
=20

def initialize
@read_ips =3D []
end

=20
But you never seem to use this array.

Oh, you mean the "<<" flags. Right, I saw fractions of code but I was =
not sure what "<<" meant.

=20

def get_ips(filename)
ips =3D [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =3D~ /Ban/
end
end

=20
You never seem to use this array, either. You could do something like = this:
=20
def get_ips(filename)
File.open filename do |file|
file.each_line.select{|line| line =3D~ /Ban/}
end
end
=20
That will at least return an array of lines containing Ban. But you = already=20
know what each line looks like. Here's another way, that looks kind of = like=20
what you started:
=20
def get_ips(filename)
ips =3D []
File.open filename do |file|
file.each_line do |line|
if line =3D~ /Ban\s+(\S+)$/
ips << $1.chomp
end
end
end
ips
end

Thanks for code snippet. I see now how should ips be used in order to =
create an array.

=20
=20
You could probably figure out a way to do this in Ruby, and it = probably=20
wouldn't be too much worse than the awk version, but if you really = want to do=20
it that way, try backticks. If this is the output you're expecting:
=20
=20
you could probably get away with:
=20
ips =3D `grep Ban fail2ban.log | awk -F "BAN" '{print = $2}'`.each_line.to_a
=20
By the way, all of this is giving you ips as strings. If you're = wanting to=20
actually manipulate the ips at all, I'd suggest looking at IPAddr. = (You=20
probably don't, but just in case...)
=20

I have found this code snippet, with a slight change runs under ruby1.9

def ip(filename)=20
ips =3D []
File.read(filename).lines.to_a.each do |place|
sf =3D 0
while sfn =3D =
place.index(/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|=
[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4]=
[0-9]|[01]?[0-9][0-9]?)/,sf)
sf =3D sfn + 3
ips << $&
end
end
return ips
end


Thanks for your pointers
regards


Panagiotis (atmosx) Atmatzidis

email: (e-mail address removed)
URL: http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4=20
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4

 

[timr]

You can certainly recreate the awk functionality. But for the lazy
programmer who likes the tool that already exists try something like:

awk_test.txt
this is some text 4
___________________________text 4


You can also use the IO class to create pipe to a unix command like
awk or agrep
in this example(code I have in my .irbrc file):

#you need to have TEV agrep installed to use this code
def agrep_with_string(regex, string)
temp_file = 'temp_file_for_agrep'
File.open(temp_file, 'w'){|f| f.puts string}
str = "agrep --color -e '#{regex.source}' #{temp_file}"
IO.popen(str){|io| @hits = io.readlines}
File.delete(temp_file)
@hits
end

Hello,

I'm a total newbe. I'm trying to figure out how to grab a specific Xth character from a .log and put it into an array.

So far, I've got to this code snippet:

------------
# encoding: utf-8
class ReadIPs
  def initialize
    @read_ips = []
  end

  def get_ips(filename)
    ips = [] # make a list of ip addressses
    File.foreach(filename) do |line|
       puts "#{line}" if line =~ /Ban/
       end
  end
end

ipadds = ReadIPs.new
a = ipadds.get_ips("fail2ban.log")
--------------

The output though parses lines the following:

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban 203.169.139.171

Now, I'd like to isolate the IP and put it into an Array.

I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk-F "Ban" '{print $2}'"

 60.12.200.xx
 193.193.221.xx
 85.72.xx.xx
 124.207.xx.xx

regards

Panagiotis (atmosx) Atmatzidis

email:  (e-mail address removed)
URL:    http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4

 

[brabuhr]

Hello,

I'm a total newbe. I'm trying to figure out how to grab a specific Xth ch=

aracter from a .log and put it into an array.

The output though parses lines the following:

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban 203.169.= 139.171

Now, I'd like to isolate the IP and put it into an Array.

I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk= -F "Ban" '{print $2}'"

=A060.12.200.xx
=A0193.193.221.xx
=A085.72.xx.xx
=A0124.207.xx.xx

$ echo '2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw]
Ban 203.169.139.171' | awk -F "Ban" '{print $2}'
203.169.139.171

$ echo '2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw]
Ban 203.169.139.171' | ruby -ne 'print split("Ban")[1]'
203.169.139.171

def get_ips(filename)
ips =3D [] # make a list of ip addressses
File.foreach(filename) do |line|
puts "#{line}" if line =3D~ /Ban/
end
end

Incorporating that into your program snippet:

def get_ips(filename)
ips =3D []
File.foreach(filename) do |line|
next unless line =3D~ /Ban/
ips << line.split("Ban")[1]
end
ips
end

(Though in a real program, rather than split like above, I would
probably use a capturing regex to grab the IP address.)

Unless the file is huge, I would probably use scan:

def banned_ips_from(filename)
File.read(filename).scan(/Ban (.*)/).flatten
end

 

[Robert Klemme]

The output though parses lines the following:

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
203.169.139.171
I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk
-F "Ban" '{print $2}'"

I have found this code snippet, with a slight change runs under ruby1.9

def ip(filename)
ips = []
File.read(filename).lines.to_a.each do |place|
sf = 0
while sfn = place.index(/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/,sf)
sf = sfn + 3
ips << $&
end
end
return ips
end

It seems that is making things unnecessary complicated (there is a
superfluous to_a in there etc.). That should be sufficient for your case:

require 'set'

def ips(file_name)
ips = Set.new # [] if you do want dups

File.foreach file_name do |line|
ip = line[/Ban\s+(\d{1,3}(?:\.\d{1,3}){3})/, 1] and
ips << ip
end

ips
end

Note: I am using a Set here in order to avoid reporting duplicates. If
you want duplicates just use an array as indicated above.

Other than that this is what the code does: File.foreach iterates a file
line by line. The expression line[/.../, 1] extracts capturing group 1
of the regexp if it matches. Otherwise you get nil. Then I use that
information immediately with "and" to decide whether to add to the set
or not. The regular expression is not as selective as the one you have
found in terms of the IP but it does match the "Ban" so it should be
safer (after all, you know the format of the file). Also, the piece you
found seems to iterate while in your file there is at most one IP per
line (if your example covers all options).

Plus, the iteration with index is awkward and inefficient. In Ruby you
would rather do

place.scan /.../ do |ip|
ips << ip
end

But as I said, scanning is not necessary if there is at most a single IP
per line.

And, last but not least a more modular solution in which you do not need
an Array or Set but rather use Ruby's block feature to deal with
individual IPs:

def ban_ips(file_name)
File.foreach file_name do |line|
ip = line[/Ban\s+(\d{1,3}(?:\.\d{1,3}){3})/, 1] and
yield ip
end
end

With that you can do

ban_ips "fail2ban.log" do |ip|
printf "found IP %-15s\n", ip
end

or

ips = []

ban_ips "fail2ban.log" do |ip|
ips << ip
end

puts "found #{ips.size} IPs"

Welcome to the wonderful world of Ruby!

Kind regards

robert

 

[Panagiotis Atmatzidis]

Good evening (it's 8:48 pm here)!

First I would like to thank you all for the responses. I've got really =
much more than I hoped too when I sent the post.

=20
2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
203.169.139.171 =20
I would like to use the output from the cli: "$ grep Ban = fail2ban.log|awk
-F "Ban" '{print $2}'"

=20
I have found this code snippet, with a slight change runs under = ruby1.9
def ip(filename) ips =3D []
File.read(filename).lines.to_a.each do |place|
sf =3D 0
while sfn =3D =

place.index(/(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|=
[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4]=
[0-9]|[01]?[0-9][0-9]?)/,sf)

sf =3D sfn + 3
ips << $&
end
end
return ips
end

=20
It seems that is making things unnecessary complicated (there is a =

superfluous to_a in there etc.). That should be sufficient for your =
case:

=20
require 'set'
=20
def ips(file_name)
ips =3D Set.new # [] if you do want dups
=20
File.foreach file_name do |line|
ip =3D line[/Ban\s+(\d{1,3}(?:\.\d{1,3}){3})/, 1] and
ips << ip
end
=20
ips
end
=20
Note: I am using a Set here in order to avoid reporting duplicates. =

If you want duplicates just use an array as indicated above.

Yes. I did not write this function myself. I found it on the internet, =
and adjust it just a little bit to make it work with 1.9 version. I have =
no idea at this point what place.index does neither "set" which you =
used. Today I reached the "hashes" chapter and still did not finnish it =
all! But I'm eager to write actual programs that's why I started working =
on small project in parallel with the book. It's a good practice helps =
you understand things although it may turn a bit confusing at times.

=20
Other than that this is what the code does: File.foreach iterates a =

file line by line. The expression line[/.../, 1] extracts capturing =
group 1 of the regexp if it matches. Otherwise you get nil. Then I use =
that information immediately with "and" to decide whether to add to the =
set or not. The regular expression is not as selective as the one you =
have found in terms of the IP but it does match the "Ban" so it should =
be safer (after all, you know the format of the file). Also, the piece =
you found seems to iterate while in your file there is at most one IP =
per line (if your example covers all options).

True. There is 1 ip per line and some duplicates but there's a catch =
also. There are some IP's that are captured more than 1 time with the =
"Ban" flag. Which means that they were captured in a different time. =
Fail2ban blocks the IP for a couple of minutes in order to avoid the =
password brute-force which is taking place. After 3 minutes Unbans the =
ip. So the usual kind of log is this:

2009-11-15 15:19:35,222 fail2ban.actions: WARNING [ssh-ipfw] Ban =
195.66.191.75
2009-11-15 15:29:35,643 fail2ban.actions: WARNING [ssh-ipfw] Unban =
195.66.191.75
2009-11-16 07:46:59,854 fail2ban.actions: WARNING [ssh-ipfw] Ban =
203.172.184.130
2009-11-16 07:57:00,085 fail2ban.actions: WARNING [ssh-ipfw] Unban =
203.172.184.130

[*I leave the IP's intact because these are actual SSH attacks and... if =
the admin don't care for his host, neither do I.]

So at this point, I need really to display duplicates and maybe issue a =
bold warning when an IP appears more than 5 times. It means that your =
host is probably *targeted*.

=20
Plus, the iteration with index is awkward and inefficient. In Ruby = you would rather do
=20
place.scan /.../ do |ip|
ips << ip
end
=20
But as I said, scanning is not necessary if there is at most a single =

IP per line.

I'll keep that in mind. I never used the .scan function anyway.

=20
And, last but not least a more modular solution in which you do not =

need an Array or Set but rather use Ruby's block feature to deal with =
individual IPs:

=20
def ban_ips(file_name)
File.foreach file_name do |line|
ip =3D line[/Ban\s+(\d{1,3}(?:\.\d{1,3}){3})/, 1] and
yield ip
end
end
=20
With that you can do
=20
ban_ips "fail2ban.log" do |ip|
printf "found IP %-15s\n", ip
end

Although I dislike the printf use here, this is a code snippet that I =
understand entirely, which is a good thing

=20
or
=20
ips =3D []
=20
ban_ips "fail2ban.log" do |ip|
ips << ip
end
=20
puts "found #{ips.size} IPs"
=20
Welcome to the wonderful world of Ruby!

Thanks!!! THe learning process is for sure much easier than Objective-C, =
the syntax much more straight forward, but some concepts I'm still =
struggling to understand them! Thanks for your reply though, it was very =
enlightening.

=20
Kind regards
=20
robert
=20
--=20
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
=20

PS. yes I know I can install SNORT and get over it, but it's much =
funnier creating your own programs! Oh, this mailing list is *really* =
good

Panagiotis (atmosx) Atmatzidis

email: (e-mail address removed)
URL: http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4=20
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4

 

[Robert Klemme]

Good evening (it's 8:48 pm here)!

Are you in Greece? It seems the country is shaken by riots currently.
I hope, no more people get killed in the course of action. It's enough
that a young boy died a year ago.

True. There is 1 ip per line and some duplicates but there's a catch also. There are some IP's that are captured more than 1 time with the "Ban" flag. Which means that they were captured in a different time. Fail2ban blocks the IP for a couple of minutes in order to avoid the password brute-force which is taking place. After 3 minutes Unbans the ip. So the usual kind of log is this:

2009-11-15 15:19:35,222 fail2ban.actions: WARNING [ssh-ipfw] Ban 195.66.191.75
2009-11-15 15:29:35,643 fail2ban.actions: WARNING [ssh-ipfw] Unban 195.66.191.75
2009-11-16 07:46:59,854 fail2ban.actions: WARNING [ssh-ipfw] Ban 203.172.184.130
2009-11-16 07:57:00,085 fail2ban.actions: WARNING [ssh-ipfw] Unban 203.172.184.130

[*I leave the IP's intact because these are actual SSH attacks and... if the admin don't care for his host, neither do I.]

So at this point, I need really to display duplicates and maybe issue a bold warning when an IP appears more than 5 times. It means that your host is probably *targeted*.

In that case you probably want to use a Hash for counting like this

ips = Hash.new 0

....
if ips[ip] += 1 >= 5
$stderr.puts "WARNING: potential attack from #{ip}!"
end
....

Thanks!!! THe learning process is for sure much easier than Objective-C, the syntax much more straight forward, but some concepts I'm still struggling to understand them! Thanks for your reply though, it was very enlightening.

You're welcome!

PS. yes I know I can install SNORT and get over it, but it's much funnier creating your own programs!

Absolutely!

Oh, this mailing list is *really* good

Thanks a bunch! This group is among the friendlies places I know for
exchange of technical thoughts.

Kind regards

robert

 

[Bertram Scharpf]

Hi,

Am Samstag, 05. Dez 2009, 05:09:35 +0900 schrieb Panagiotis Atmatzidis:

------------

File.foreach(filename) do |line|
puts "#{line}" if line =~ /Ban/
end

ipadds.get_ips("fail2ban.log")
--------------

The output though parses lines the following:

2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban 203.169.139.171

I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk -F "Ban" '{print $2}'"

The correct translation of `-F Ban "{print $2}"' would be

ary = line.split /Ban/
puts ary[ 2]

I would prefer something like

if line =~ /Ban\s+/ then
puts $'.split.first
end

You can play around that for the rest of the day:

ary = line.split
while ary.any? do
if ary.shift == "Ban" then
puts ary.first
break
end
end

I don't think it's worth here the effort of IP address parsing but
thats surely a matter of taste.

Bertram

 

[Panagiotis Atmatzidis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Hi,
=20
Am Samstag, 05. Dez 2009, 05:09:35 +0900 schrieb Panagiotis = Atmatzidis:

------------
=20
File.foreach(filename) do |line|
puts "#{line}" if line =3D~ /Ban/
end
=20
ipadds.get_ips("fail2ban.log")
--------------
=20
The output though parses lines the following:=20
=20
2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban = 203.169.139.171
=20
I would like to use the output from the cli: "$ grep Ban =

fail2ban.log|awk -F "Ban" '{print $2}'"

=20
The correct translation of `-F Ban "{print $2}"' would be
=20
ary =3D line.split /Ban/
puts ary[ 2]
=20
I would prefer something like
=20
if line =3D~ /Ban\s+/ then
puts $'.split.first
end
=20
You can play around that for the rest of the day:
=20
ary =3D line.split
while ary.any? do
if ary.shift =3D=3D "Ban" then
puts ary.first
break
end
end
=20
I don't think it's worth here the effort of IP address parsing but
thats surely a matter of taste.
=20
Bertram

First, thanks for the code.

The parsing that I use was ready actually and works quite nice. I'm not =
able to write regexp at that level yet. That's why I used it.

=20
=20
--=20
Bertram Scharpf
Stuttgart, Deutschland/Germany
*
Discover String#notempty? at <http://raa.ruby-lang.org/project/step>.
=20

Panagiotis (atmosx) Atmatzidis

email: (e-mail address removed)
URL: http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4=20
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4
- --
The wise man said: "Never argue with an idiot. They bring you down to =
their level and beat you with experience."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iEYEARECAAYFAksdLsoACgkQrghUb/xOi7QRCACdFTT8hkstbPlj62mTTQyqkOJ0
DqQAn1w/mEOiVDPk1lgDHCCMVk15m/Ew
=3DrCzl
-----END PGP SIGNATURE-----

 

[Panagiotis Atmatzidis]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

=20
Are you in Greece? It seems the country is shaken by riots currently. =

I hope, no more people get killed in the course of action. It's enough =
that a young boy died a year ago.

Yes I am Greek. True, it's a mess. This years, all the riots was just a =
reminder of last year's chaos. Where I live however, it's okay, no =
broken stores or burned cars around here, nothing happens.

=20

also. There are some IP's that are captured more than 1 time with the =
"Ban" flag. Which means that they were captured in a different time. =
Fail2ban blocks the IP for a couple of minutes in order to avoid the =
password brute-force which is taking place. After 3 minutes Unbans the =
ip. So the usual kind of log is this:

2009-11-15 15:19:35,222 fail2ban.actions: WARNING [ssh-ipfw] Ban = 195.66.191.75
2009-11-15 15:29:35,643 fail2ban.actions: WARNING [ssh-ipfw] Unban = 195.66.191.75
2009-11-16 07:46:59,854 fail2ban.actions: WARNING [ssh-ipfw] Ban = 203.172.184.130
2009-11-16 07:57:00,085 fail2ban.actions: WARNING [ssh-ipfw] Unban = 203.172.184.130
[*I leave the IP's intact because these are actual SSH attacks and... = if the admin don't care for his host, neither do I.]
So at this point, I need really to display duplicates and maybe issue =

a bold warning when an IP appears more than 5 times. It means that your =
host is probably *targeted*.

=20
In that case you probably want to use a Hash for counting like this
=20
ips =3D Hash.new 0
=20
...
if ips[ip] +=3D 1 >=3D 5
$stderr.puts "WARNING: potential attack from #{ip}!"
end
...

I used a similar approach, which is used by the book also. I've created =
another file (like a library of sorts) and created new hash which keeps =
track of the number an IP shows up.

# statistics
class Stats
def self.count_ip_display(ips)
counts =3D Hash.new(0)
for ip in ips
counts[ip] +=3D 1
end
sort =3D counts.sort_by {|ip, display| display}
#top_ten =3D sort.last(10).reverse
#top_ten
len =3D sort.length
ips
sort
end
end


I see that your sample above, is like " Hasn.new 0". I guess that's just =
another syntax for Hash.new(0) right?

=20

Objective-C, the syntax much more straight forward, but some concepts =
I'm still struggling to understand them! Thanks for your reply though, =
it was very enlightening.

=20
You're welcome!
=20

funnier creating your own programs!

=20
Absolutely!
=20
=20
Thanks a bunch! This group is among the friendlies places I know for =

exchange of technical thoughts.

=20
Kind regards
=20
robert

Yes, it's nice to feel good with other people. Having a Linux background =
I've faced too many "elite-driven" hostile communities in the past to =
understand the value of a healthy (of trolls, etc) ML

=20
--=20
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
=20

Panagiotis (atmosx) Atmatzidis

email: (e-mail address removed)
URL: http://www.convalesco.org
GnuPG ID: 0xFC4E8BB4=20
gpg --keyserver x-hkp://pgp.mit.edu --recv-keys 0xFC4E8BB4
- --
The wise man said: "Never argue with an idiot. They bring you down to =
their level and beat you with experience."

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iEYEARECAAYFAksdMBAACgkQrghUb/xOi7SbgACggQbt+oqU08lU4jT566JF0S2s
uDsAnRIJEn3dbqQrin+mQXHJItz8vVsF
=3DH/tM
-----END PGP SIGNATURE-----

 

[Paul Smith]

I see that your sample above, is like " Hash.new 0". I guess that's just another syntax for Hash.new(0) right?

Yes, parentheses are (usually) optional in Ruby.