"Robert Cochran" <rcochran@archdiocese-no.org> writes:
> We have some log files that we need to delete the multiple instances
> of a violation.
So, you want only one instance of each violation? Or you want all
violations eliminated entirely?
Do you consider two separate lines the same if they contain the same
originating port/IP?
Assuming that you want one instance per and you consider them the
same if they come from the same port/IP:
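perl -ne '# -n loops over each input line; key = "src > dst: type name"
  /brodcast\.net/
    && do {@t = split;
           $violation{"$t[1] > $t[3]: $t[5] $t[6]"}++
             unless $t[1] eq "10.1.1.3.53"};   # skip lines sent by the DNS server itself
  END {for (sort keys %violation) {print "$_: $violation{$_}\n"}}'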
produces:
10.1.194.56.4405 > 10.1.1.3.53:: A? www.brodcast.net.: 1
10.1.201.122.3227 > 10.1.1.3.53:: A? www.brodcast.net.: 1
10.1.91.254.1159 > 10.1.1.3.53:: A? www.brodcast.net.: 1
10.1.94.128.2475 > 10.1.1.3.53:: A? www.brodcast.net.: 1
10.5.108.64.1846 > 10.1.1.3.53:: A? www.brodcast.net.: 1
10.6.51.3.1084 > 10.1.1.3.53:: A? www.brodcast.net.: 2
205.152.138.34.53 > 207.77.64.2.53:: A? www.brodcast.net.: 1
207.77.64.2.53 > 205.152.138.34.53:: q: www.brodcast.net.: 1
This should get you started, anyway.
Mark.
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/15/03
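An added example, not part of the original post: the same de-duplication in Python, keeping the first full log line per violation (so the log itself can be trimmed) and showing how the answer to the "same port/IP" question changes the result. The sample lines are constructed in tcpdump's IPv4 `addr.port` layout, and the names `dedupe`, `host_of` and `SAMPLE_LOG` are assumptions made for this illustration.

```python
import re

# Constructed sample input (not from the original log), tcpdump DNS line layout.
SAMPLE_LOG = """\
12:00:01.100000 10.6.51.3.1084 > 10.1.1.3.53: 4211+ A? www.brodcast.net. (34)
12:00:01.900000 10.6.51.3.1084 > 10.1.1.3.53: 4212+ A? www.brodcast.net. (34)
12:00:02.300000 10.6.51.3.1091 > 10.1.1.3.53: 4213+ A? www.brodcast.net. (34)
12:00:02.400000 10.1.1.3.53 > 10.6.51.3.1084: 4211 q: www.brodcast.net. 1/0/0 (50)
12:00:03.000000 10.1.94.128.2475 > 10.1.1.3.53: 977+ A? www.brodcast.net. (34)
12:00:03.500000 10.1.94.128.2475 > 10.1.1.3.53: 978+ A? www.example.org. (33)
""".splitlines()


def host_of(endpoint):
    """Drop the trailing ':' and the port from IPv4 addr.port notation."""
    return endpoint.rstrip(":").rsplit(".", 1)[0]


def dedupe(lines, pattern, skip_src=None, ignore_port=False):
    """Return (first_lines, counts): the first full line seen for each
    violation key, and how many matching lines shared that key."""
    rx = re.compile(pattern)
    first, counts = {}, {}
    for line in lines:
        t = line.split()
        if len(t) < 7 or not rx.search(line):
            continue                      # malformed or unrelated line
        src, dst = t[1], t[3].rstrip(":")
        if src == skip_src:
            continue                      # e.g. traffic sent by the DNS server
        if ignore_port:
            src = host_of(src)            # same host, any ephemeral port
        key = (src, dst, t[5], t[6])      # same fields as the Perl key
        first.setdefault(key, line)       # keep only the first occurrence
        counts[key] = counts.get(key, 0) + 1
    return list(first.values()), counts


if __name__ == "__main__":
    for mode in (False, True):
        kept, counts = dedupe(SAMPLE_LOG, r"brodcast\.net",
                              skip_src="10.1.1.3.53", ignore_port=mode)
        print(f"ignore_port={mode}: {len(kept)} unique of {sum(counts.values())}")
        for key, n in counts.items():
            print("  ", *key, f"x{n}")
```

Keying on the source port treats each new ephemeral port from the same host as a separate violation; stripping it collapses them into one entry per host.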