This is where perl really shines :)
Note: I'm gonna next in code brackets, cause I'm lazy
Suggestions:
You are able to view the data in some way shape or form, so I would either
A) figure out how to get that data out in a stream (i.e. calling an executable to provide that data on the fly for your parser) or
B) instead of pulling the binary data, convert it to text, compress that and munge the compressed text
Determine what types of entries are in the file.
Just looking at the data at hand I see at least 2 unique types of entries and a whole slew of other things to help with a parser.
One msg from the kernel, and one msg from firewalld.
Next we notice that the kernel is "Temporarily" blocking
does it also log permanent blocks?
does this line correlate to an earlier firewalld line?
The firewalld process is stating it denied a packet..
There is all sorts of juicy bits in there..
First off, the deny.
What other actions can it take?
Then the interface..
what other interfaces are there?
The next number is interesting as I have no idea what it's correlated to
do all denies get stamped with 48?
or packets on eth0,
or tcp packets,
or tcp packets destined for X port?
Next the type
what other types are coming through?..
Already a parser is starting to become fleshed out; with some simple tweaking it should be relatively simple to do, especially if all entries are one-liners, which greatly reduces logic and the need for something along the lines of a quasi state machine..
Happy hacking.. :)
/* And the Creator, against his better judgement, wrote man.c */
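The approach sketched in the reply above (classify each one-line entry, pull out action / interface / the unexplained number / type, then check what that number correlates with), as an added Perl example that is not part of the original post. The log layout and all sample lines are constructed for the example and are not real kernel or firewalld output.

```perl
use strict;
use warnings;
# Added example, not from the original post. The log layout below is CONSTRUCTED
# to carry the fields the post names (action, interface, unexplained number,
# type); it is not real firewalld or kernel output.
my @lines = (
    'kernel: Temporarily blocking 10.0.0.5',
    'firewalld: DENY eth0 48 TCP 10.0.0.5:5555 -> 192.168.1.2:22',
    'firewalld: DENY eth0 48 TCP 10.0.0.6:6000 -> 192.168.1.2:80',
    'firewalld: DENY eth1 48 UDP 10.0.0.7:53 -> 192.168.1.2:53',
    'firewalld: DENY eth0 51 ICMP 10.0.0.8 -> 192.168.1.2',
    'firewalld: ACCEPT eth0 48 TCP 10.0.0.9:40000 -> 192.168.1.2:443',
);

# Step 1: classify each one-line entry by the process that wrote it.
sub entry_type { my ($l) = @_; return $l =~ /^(\w+):/ ? $1 : 'unknown' }

# Step 2: pull the named fields out of a firewalld entry; returns an empty
# list when the line does not fit the constructed layout.
sub parse_firewalld {
    my ($l) = @_;
    return unless $l =~ m{^firewalld:\s+(\w+)\s+(\w+)\s+(\d+)\s+(\w+)\s+(\S+)\s+->\s+(\S+)};
    my %e = (action => $1, iface => $2, num => $3, proto => $4, src => $5, dst => $6);
    ($e{dport}) = $e{dst} =~ /:(\d+)$/;   # stays undef for ICMP (no port)
    return \%e;
}

# Step 3: cross-tabulate the unknown number against every other field,
# which is the "do all denies get stamped with 48?" question from the post.
sub correlate_number {
    my %seen;   # field => value => { number => count }
    for my $e (@_) {
        for my $f (qw(action iface proto dport)) {
            next unless defined $e->{$f};
            $seen{$f}{ $e->{$f} }{ $e->{num} }++;
        }
    }
    return \%seen;
}

my %by_type;
push @{ $by_type{ entry_type($_) } }, $_ for @lines;
printf "%d entry types: %s\n", scalar keys %by_type, join ', ', sort keys %by_type;
my $tab = correlate_number(map { parse_firewalld($_) } @{ $by_type{firewalld} || [] });
for my $f (sort keys %$tab) {
    for my $v (sort keys %{ $tab->{$f} }) {
        my $nums = $tab->{$f}{$v};
        printf "%-6s %-6s numbers seen: %s\n", $f, $v,
            join ', ', map { "$_ x$nums->{$_}" } sort keys %$nums;
    }
}
```

On the constructed sample the tabulation shows DENY entries carrying both 48 and 51, so the number is not simply a deny marker; swapping in real lines (and adjusting the regex to their actual layout) is how you answer the post's open questions for your own data.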