giorg70

File reading and Modification

14 posts in this topic


Is it possible to read a file containing 3 lines in this format, generated by a syslog agent and delivered via mail by Kiwi Syslog Server with a custom action:

First Line of original file: "192.168.3.253"

Second line: blank

Third Line: "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"

and manipulate the lines by deleting the ", replacing <009> with a CR and adding some text, to obtain this format in a new file?

Host IP Address: 192.168.3.253

Date: Jul 21

Time: 18:19:02

Hostname: gs-fw.gsistema.local

Event Type: MSWinEventLog

Criticality: 4

Event Log: Application

SNARE Event Counter: 44

DateTime: Fri Jul 21 18:19:02

EventID: 15104

Source: Microsoft Firewall

Username: Unknown User

SIDType: N/A

EventLogType: Warning

ComputerName: GS-FW

CategoryString: Disk

EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.

ExpandedString:42

Is it possible with AutoIT? Any suggestion? What functions are useful to do this?

P.S. The original file is always in this format regarding the content, for example the number of <009> is always 12. The Event Type or Computer Name is always in the same position.

Many thanks




Hi,

This should show you how to do it. It is nearly complete. Should be no problem for you to finish it.

; § 3Lines.txt

; "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"
;Date: Jul 21
;Time: 18:19:02
;Hostname: gs-fw.gsistema.local
;Event Type: MSWinEventLog
;Criticality: 4
;Event Log: Application
;SNARE Event Counter: 44
;DateTime: Fri Jul 21 18:19:02
;EventID: 15104
;Source: Microsoft Firewall
;Username: Unknown User
;SIDType: N/A
;EventLogType: Warning
;ComputerName: GS-FW
;CategoryString: Disk
;EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.
#include <file.au3>
#include <array.au3>
Dim $aRecords
If Not _FileReadToArray(@ScriptDir & '\3Lines.txt', $aRecords) Then
   MsgBox(4096,"Error", " Error reading log to Array     error:" & @error)
   Exit
EndIf

;For $x = 1 to $aRecords[0]
;    Msgbox(0,'Record:' & $x, $aRecords[$x])
;Next
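; Line 3 of the file holds the syslog message; strip the surrounding quotes
$x = StringReplace($aRecords[3], '"', '')
; The syslog header is fixed-width: "Mmm dd hh:mm:ss"
Global $date = StringLeft($x, 6)
Global $time = StringMid($x, 8, 8)
; Hostname sits between the 3rd and 4th space (+1 / -1 skip the leading space)
Global $hostname = StringMid($x, StringInStr($x, " ", 0, 3) + 1, StringInStr($x, " ", 0, 4) - StringInStr($x, " ", 0, 3) - 1)
; Event type runs from the 4th space up to the first <009> separator
Global $eventType = StringMid($x, StringInStr($x, " ", 0, 4) + 1, StringInStr($x, "<", 0, 1) - StringInStr($x, " ", 0, 4) - 1)
; Everything found between a '>' and the next '<', i.e. the fields between <009> separators
Global $rest_A = _SRE_Between($x, '>', '<', 1)
Global $array[7] = ['', "Date: " &  $date, 'Time: ' & $time, 'Hostname: ' & $hostname, 'Event Type: ' & $eventType,   'Criticality: ' & $rest_A[0], 'Event Log: ' & $rest_A[1]]

For $i = 1 To UBound($array)-1
    ConsoleWrite($array[$i] & @CR)
Next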
;_FileWriteFromArray(@ScriptDir & '\3LinesAuswertung.txt', 
_ArrayDisplay($array, "")
_ArrayDisplay($rest_A, "")

Func _SRE_Between($s_String, $s_Start, $s_End, $i_ReturnArray = 0); $i_ReturnArray returns an array of all found if it = 1, otherwise default returns first found
    $a_Array = StringRegExp($s_String, '(?:' & $s_Start & ')(.*?)(?:' & $s_End & ')', 3)
    If Not @error And Not $i_ReturnArray And IsArray($a_Array) Then Return $a_Array[0]
    If IsArray($a_Array) Then Return $a_Array
EndFunc

So long,

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times


I'm very much a newbie but I'm working on it. Many thanks


There is one error:

$a_Array = StringRegExp($s_String, '(?:' & $s_Start & ')(.*?)(?:' & $s_End & ')', 3)

$a_Array = ^ ERROR


I'm not 100% sure, seeing as I only just started using the program, but I think StringRegExp is a BETA-only function.

Go to the downloads page again, scroll down, and get the beta of AutoIT. Install it, and then use its "execute script" function on the file.

Hope that helps.

/tAK


OK, it's a beta function. Thank you very much


HI,

When SciTE tells you that the func isn't known, it is nearly always because you are trying to use a beta func in a non-beta script.

So long,

Mega

PS: Hope the little script does what you wanted, now that you can run it.



If I need to replace file reading with two arguments, what kind of modifications do I need to make?

I need to substitute $aRecords[1] with the first argument and $aRecords[3] with the 2nd argument!!!!


The script functions very well on my machine, but I need to use the script on another one. I have compiled and transferred the exe but the program does not function!!!!!


The script functions very well on my machine, but I need to use the script on another one. I have compiled and transferred the exe but the program does not function!!!!!

HI,

Which error occurs? What happens?

So long,

Mega



No errors, but the program does not perform any operations and remains active in Task Manager!!!!!


The error arises when the string "<009><009>" exists in the event and the array is 11 long and not 12!!!!!!


I need to know exactly the number of $rest_A components. I tried to use $rest_A[0] but the number is not right!!! Why?


Hi,

Try MsgBox(0,"",UBound($rest_A))

So long,

Mega
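
Added example, not code from any poster in this thread: splitting on the literal <009> with StringSplit keeps an empty field as an empty array element, so every field stays at a fixed position when an event contains "<009><009>", and the part count can be checked before any label is applied. The function name _ParseSnareLine and the "(empty slot)" label are assumptions; the other labels and the sample line come from the first post.

```autoit
; Added example. Labels follow the first post; "(empty slot)" is a placeholder
; for the field that is empty between <009><009> in the sample line.
Func _ParseSnareLine($sLine)
    Local $aLabels[14] = ["Criticality", "Event Log", "SNARE Event Counter", "DateTime", _
            "EventID", "Source", "Username", "SIDType", "EventLogType", "ComputerName", _
            "CategoryString", "(empty slot)", "EventDescription", "ExpandedString"]

    $sLine = StringReplace($sLine, '"', '')
    ; Flag 1: treat "<009>" as one delimiter string. Empty fields are kept.
    Local $aParts = StringSplit($sLine, "<009>", 1)
    ; Refuse to label anything if the layout is not the expected one
    If $aParts[0] <> UBound($aLabels) + 1 Then Return SetError(1, $aParts[0], "")

    ; First part is the syslog header: "Mmm dd hh:mm:ss host tag"
    ; Flag 7 also collapses the double space syslog uses for one-digit days
    Local $aHead = StringSplit(StringStripWS($aParts[1], 7), " ")
    If $aHead[0] <> 5 Then Return SetError(2, $aHead[0], "")

    Local $sOut = "Date: " & $aHead[1] & " " & $aHead[2] & @CRLF & _
            "Time: " & $aHead[3] & @CRLF & _
            "Hostname: " & $aHead[4] & @CRLF & _
            "Event Type: " & $aHead[5] & @CRLF
    For $i = 0 To UBound($aLabels) - 1
        ; $aParts[1] is the header, so field $i lives at index $i + 2
        $sOut &= $aLabels[$i] & ": " & StringStripWS($aParts[$i + 2], 3) & @CRLF
    Next
    Return $sOut
EndFunc

; Sample input: the third line of the file quoted in the first post
Global $sSample = '"Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"'

Global $sBody = _ParseSnareLine($sSample)
If @error Then
    ConsoleWrite("Unexpected layout: @error=" & @error & ", parts=" & @extended & @CRLF)
Else
    ConsoleWrite("Host IP Address: 192.168.3.253" & @CRLF & $sBody)
EndIf
```

On a line with a different number of separators the function returns an empty string with @error set and the observed part count in @extended, instead of writing a report with shifted labels.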

