
Perl script: how is the File::Tail function able to read a binary (TCPDUMP) file?

Can anyone give me some opinion about this code?

#!/usr/local/bin/perl
use strict;
use warnings;
use File::Tail;

my $file = File::Tail->new("/var/log/snort/snort.log.1301090101");
while (defined(my $line = $file->read))
{
   print $line;
}

Since the log file is in binary format, I tried modifying the code like this:

#!/usr/local/bin/perl
use strict;
use warnings;
use File::Tail;

my $file = File::Tail->new("/var/log/snort/snort.log.1301090101");
open(my $LF, "-|", "/usr/local/bin/snort -r $file") or die "$!";
while (defined(my $line = $file->read))
{
   print $line;
}

This code seems to have some syntax error. Isn't it possible to combine a pipe and the File::Tail function? Doesn't the File::Tail function already include an open() method?

My second question is about $file = File::Tail->new(<Filename>); <Filename> seems to have to be a single file and must point to a particular file name... If I have 3 files, snort.log.1301090101, snort.log.1301090102 and snort.log.1301090102, in the same directory, isn't it possible to use a single File::Tail function to read all of them, or the files inside the directory?


As explained in your first question: you cannot simply read these files directly. They are in a binary format, not text. You cannot use File::Tail.

You can pipe the output of the actual snort process that reads those logs to perl, as has been shown. If it doesn't offer a "tail" type option, you can't tail them.

There is an old perl module Net::TcpDumpLog that might let you read the data directly if it still works, but it can not tail the logs either.

The only way to tail them would be to change your snort config to output ASCII logs, but you may run into problems with it being able to keep up with the packet stream.

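As an added example (not code from the question or the answer), the script below shows what "tailing" a binary tcpdump-style log actually involves, and why a line-oriented module such as File::Tail cannot do it: the file is a sequence of length-prefixed records, not lines, so the reader has to parse the libpcap global header, then read one record header and one packet body at a time, and back off whenever a record has only been partly written. It assumes the Snort log is in libpcap format (the "TCPDUMP" format named in the title); the log path, the Ethernet link type check and the IPv4 summary are assumptions for illustration, not anything the answer specifies.

```perl
#!/usr/bin/perl
# Added example: follow a libpcap-format Snort log record by record.
# Assumes the log was written in libpcap (tcpdump) format; the default
# path below is a placeholder.  Stop it with Ctrl-C.
use strict;
use warnings;
use Socket qw(inet_ntoa);

my $path = shift @ARGV // '/var/log/snort/snort.log.PLACEHOLDER';
open(my $fh, '<:raw', $path) or die "open $path: $!";

# Read exactly $n bytes.  A short read means the file ended or the writer
# has not finished this record yet: rewind to the record start (seek also
# clears the EOF flag), wait, and try again.  This loop is the "tail".
sub read_exact {
    my ($fh, $n) = @_;
    my $start = tell($fh);
    while (1) {
        my $buf = '';
        my $got = read($fh, $buf, $n);
        die "read: $!" unless defined $got;
        return $buf if $got == $n;
        seek($fh, $start, 0) or die "seek: $!";   # partial record: back off
        sleep 1;
    }
}

# One-line summary of a frame.  Only link type 1 (Ethernet) is decoded,
# and only far enough to show IPv4 source, destination and protocol.
sub describe {
    my ($linktype, $pkt) = @_;
    return '' unless $linktype == 1 && length($pkt) >= 34;
    my $ethertype = unpack('n', substr($pkt, 12, 2));
    return sprintf('ethertype=0x%04x', $ethertype) unless $ethertype == 0x0800;
    # IPv4 header: byte 9 = protocol, bytes 12-15 = src, bytes 16-19 = dst
    my ($proto, $src, $dst) = unpack('x9 C x2 a4 a4', substr($pkt, 14, 20));
    return sprintf('IPv4 %s -> %s proto=%d', inet_ntoa($src), inet_ntoa($dst), $proto);
}

# --- global header: 24 bytes, byte order given by the magic number ------
my $hdr   = read_exact($fh, 24);
my $magic = unpack('N', $hdr);                 # try big-endian first
my ($e, $ts_div);                              # unpack modifier, ts fraction unit
if    ($magic == 0xa1b2c3d4) { ($e, $ts_div) = ('>', 1_000_000);     }  # BE, microseconds
elsif ($magic == 0xd4c3b2a1) { ($e, $ts_div) = ('<', 1_000_000);     }  # LE, microseconds
elsif ($magic == 0xa1b23c4d) { ($e, $ts_div) = ('>', 1_000_000_000); }  # BE, nanoseconds
elsif ($magic == 0x4d3cb2a1) { ($e, $ts_div) = ('<', 1_000_000_000); }  # LE, nanoseconds
else  { die sprintf("not a libpcap file (magic 0x%08x)\n", $magic); }

my ($L, $S, $l) = ("L$e", "S$e", "l$e");       # 32-bit unsigned, 16-bit, 32-bit signed
# magic, version major/minor, thiszone, sigfigs, snaplen, linktype
my ($snaplen, $linktype) = (unpack("$L $S $S $l $L $L $L", $hdr))[5, 6];
printf "# libpcap snaplen=%d linktype=%d\n", $snaplen, $linktype;

# --- records: 16-byte header (ts_sec, ts_frac, incl_len, orig_len) + data -
while (1) {
    my ($ts_sec, $ts_frac, $incl_len, $orig_len) =
        unpack("$L $L $L $L", read_exact($fh, 16));
    # incl_len larger than snaplen means the record header is not sane;
    # refuse to read a huge body rather than trust the length field.
    die "corrupt record: incl_len $incl_len > snaplen $snaplen\n"
        if $incl_len > $snaplen;
    my $pkt = read_exact($fh, $incl_len);
    printf "%.6f captured=%d wire=%d %s\n",
        $ts_sec + $ts_frac / $ts_div, $incl_len, $orig_len,
        describe($linktype, $pkt);
}
```

Run it as `perl follow_pcap.pl /var/log/snort/snort.log.1301090101`. The point the answer makes holds here too: this only works because the reader knows the record framing; a generic tail that looks for newlines would split records at arbitrary byte positions, and a record that is only half written when the reader arrives has to be re-read from its start, which is why the script seeks back rather than consuming the partial bytes.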
