http://qs321.pair.com?node_id=88466


in reply to Reactionary Coding—One-Shot Programs

I do from time to time code one-shot programs. Perl is the perfect language for this, as it gives me powerful functions to do what I need (whether it's changing a few lines, calculate a string transformation or extract useful lines).

As others noted, the problem is in how will these tools evolve over time... But you get to solve your present problem now. If you discover it's a larger problem, you can always go back to the keyboard and start to think about a more general purpose program.

For example, here is a one-shot done this afternoon in a quick session, that is aimed to extract lines from a special text export of FireWall-1 logs... The only goal was to be a little faster than the FireWall-1 log tool for problem investigation. And to use simple (and regular) expressions to match lines.

#!/usr/bin/perl -w use strict; # the various fields my @field = qw/id date time if fw type action service src dst proto ru +le sport reason/; my $i = 0; my %field = map { ($_, $i++) } @field; # create the filter my %filtre = (@ARGV); my @filtre; while(my ($k, $v) = each %filtre) { # better use a while than a for lo +op push @filtre, '$data['.$field{$k}."]=~m/$v/i"; } my $filtre = join ' && ', @filtre; # open the file my $file = "fw01.log"; open F, $file || die "Error: $file $!\n"; $\= "\n"; print join"--\t--", @field; while(<F>) { my @data = (/"(.*?)"/g); print join"\t",@data if eval $filtre; }

It has -w and use strict;, but the filename is hardcoded and the file is not closed! I translated the comments from French, but they were here from the start. And the most important ones are missing... because the filter creation process was clear to me!

This ugly script allows for nice combinations, like: match.pl src 10.1.1.5 action drop service "^23|telnet" which will show all telnet connections to 10.1.1.5 that were dropped by the firewall.

If I had to write a bigger and more general purpose script, I'd probably use closures to create filter subroutines...

Update: Quick and dirty scripts can be very ugly... This one for example had a bug that prevents you to use several conditions... each should not be used in a for, but in a while loop.