Ip

日志内容： …… authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=61.146.178.13 authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=bin86.ee.ccu.edu.tw authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=137.65.134.61.net.jq.gs.dynamic.163data.com.cn …… #!/usr/bin/perl use strict; # Open log file open(XXX, "/path/to/logfile") || die "Error Reading File : $!"; my @urls = <xxx>; close(XXX); my $i = 0; my @ips = (); for my $ip (@urls) { #if ($ip =~ /rhost=((d{1,3}.d{1,3}.d{1,3}.d{1,3})?.*) /isg) { if ($ip =~ /rhost=(.*) /isg) { $i ++; unless (is_in_array($1, @ips)) { push @ips, $1; } } } print "All attack count : $in"; print "Use $#ips IP(s)n"; print "The ips are : @ipsn"; sub is_in_array { my $ip = shift(); my $s = shift(); my @ips = @$s; my $in = 0; for (@ips) { if ($_ eq $ip) { $in = 1; last; } } return $in; }