could contain spaces. I would first
to five fields. I would then use a global regex match to pull out the
s from the fifth field as key/value pairs to populate a hash. The regex uses a look-ahead to avoid consuming the next pair. I use
here to show what has been parsed from the file.
Here's the output.
@parsedData = (
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4412 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:04:08"',
'src' => '128.29.29.200',
'field4' => '128.29.29.40',
'field2' => '16:04:33',
'field3' => 'Local1.Alert',
'mtp' => '2',
'mid' => '1013',
'fw' => 'WS2000-Store 29',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'pri' => '1',
'id' => 'firewall',
'dst' => '128.29.100.102'
},
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4344 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:03:25"',
'src' => '128.24.24.200',
'field4' => '128.24.24.40',
'field2' => '16:05:05',
'field3' => 'Local1.Alert',
'mtp' => '2',
'fw' => 'WS2000-Store 24',
'mid' => '1013',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'id' => 'firewall',
'pri' => '1',
'dst' => '128.24.100.101'
},
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4412 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:05:09"',
'src' => '128.29.29.200',
'field4' => '128.29.29.40',
'field2' => '16:05:34',
'field3' => 'Local1.Alert',
'mtp' => '2',
'fw' => 'WS2000-Store 29',
'mid' => '1013',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'id' => 'firewall',
'pri' => '1',
'dst' => '128.29.100.102'
},
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:03:36"',
'src' => '128.2.2.200',
'field4' => '128.2.2.40',
'field2' => '16:05:39',
'field3' => 'Local1.Alert',
'mtp' => '2',
'fw' => 'WS2000-Store 02',
'mid' => '1013',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'id' => 'firewall',
'pri' => '1',
'dst' => '128.2.100.106'
},
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:03:36"',
'src' => '128.2.2.200',
'field4' => '128.2.2.40',
'field2' => '16:05:40',
'field3' => 'Local1.Alert',
'mtp' => '2',
'fw' => 'WS2000-Store 02',
'mid' => '1013',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'id' => 'firewall',
'pri' => '1',
'dst' => '128.2.100.106'
},
{
'msg' => 'TCP connection request received is invalid, dropping packet Src 23 Dst 4631 from EXT n/w',
'proto' => '6(tcp)',
'time' => '"2007-11-16 16:03:37"',
'src' => '128.2.2.200',
'field4' => '128.2.2.40',
'field2' => '16:05:40',
'field3' => 'Local1.Alert',
'mtp' => '2',
'fw' => 'WS2000-Store 02',
'mid' => '1013',
'field1' => '2007-11-16',
'agent' => 'Firewall',
'id' => 'firewall',
'pri' => '1',
'dst' => '128.2.100.106'
}
);
I hope this is of interest.
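
The approach described in this post (split to five fields, then a global match with a look-ahead over the fifth), as an added example that is not the poster's code. The sample line is constructed from the first record in the dump; its single-space layout and the order of the pairs are assumptions, and parse_line is a hypothetical name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;

# Constructed sample line, assembled from the values of the first dumped
# record. The separator and pair order of the real log are not shown on
# this page; single spaces and this order are assumed.
my @lines = (
    '2007-11-16 16:04:33 Local1.Alert 128.29.29.40 '
  . 'id=firewall time="2007-11-16 16:04:08" fw=WS2000-Store 29 pri=1 '
  . 'proto=6(tcp) src=128.29.29.200 dst=128.29.100.102 mid=1013 mtp=2 '
  . 'msg=TCP connection request received is invalid, dropping packet '
  . 'Src 23 Dst 4412 from EXT n/w agent=Firewall',
);

# parse_line (hypothetical helper): returns a hash ref, or nothing if the
# line does not have the expected five fields.
sub parse_line {
    my ($line) = @_;
    chomp $line;

    # A limit of 5 keeps everything after the fourth field in one piece,
    # so spaces inside the key=value section are preserved.
    my @f = split ' ', $line, 5;
    return unless @f == 5;

    my %rec;
    @rec{qw(field1 field2 field3 field4)} = @f[0 .. 3];

    # The lazy value stops where the look-ahead sees whitespace followed
    # by the next "key=", or the end of the line. The look-ahead consumes
    # nothing, so the next iteration starts at that next key.
    while ($f[4] =~ /(\w+)=(.*?)(?=\s+\w+=|\s*$)/g) {
        $rec{$1} = $2;
    }
    return \%rec;
}

my @parsedData = grep { defined } map { parse_line($_) } @lines;

# Values with embedded spaces must survive intact.
die "fw value was truncated\n"
    unless $parsedData[0]{fw} eq 'WS2000-Store 29';

$Data::Dumper::Sortkeys = 1;
print Data::Dumper->Dump([\@parsedData], ['*parsedData']);
```

A value that itself contains whitespace followed by word= cannot be told apart from the start of a new pair, so message text that a remote party can influence may introduce or overwrite keys; fields parsed this way should not be treated as authenticated.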