File reading and Modification


Is it possible to read a file containing 3 lines in this format, generated by a syslog agent and delivered via mail by Kiwi Syslog Server with a custom action:

First Line of original file: "192.168.3.253"

Second line: blank

Third Line: "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"

manipulating the lines by deleting the ", replacing <009> with a CR and adding some text, to obtain this format in a new file?

Host IP Address: 192.168.3.253

Date: Jul 21

Time: 18:19:02

Hostname: gs-fw.gsistema.local

Event Type: MSWinEventLog

Criticality: 4

Event Log: Application

SNARE Event Counter: 44

DateTime: Fri Jul 21 18:19:02

EventID: 15104

Source: Microsoft Firewall

Username: Unknown User

SIDType: N/A

EventLogType: Warning

ComputerName: GS-FW

CategoryString: Disk

EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.

ExpandedString:42

Is it possible with AutoIT? Any suggestion? What functions are useful to do this?

P.S. The original file is always in this format regarding the content, for example the number of <009> is always 12. The Event Type or Computer Name is always in the same position.

Many thanks

Edited by giorg70

Hi,

this should show you how to do it. It is nearly complete. Should be no prob to finish it for you.

; § 3Lines.txt

; "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"
;Date: Jul 21
;Time: 18:19:02
;Hostname: gs-fw.gsistema.local
;Event Type: MSWinEventLog
;Criticality: 4
;Event Log: Application
;SNARE Event Counter: 44
;DateTime: Fri Jul 21 18:19:02
;EventID: 15104
;Source: Microsoft Firewall
;Username: Unknown User
;SIDType: N/A
;EventLogType: Warning
;ComputerName: GS-FW
;CategoryString: Disk
;EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.
#include <file.au3>
#include <array.au3>
Dim $aRecords
If Not _FileReadToArray(@ScriptDir & '\3Lines.txt', $aRecords) Then
   MsgBox(4096,"Error", " Error reading log to Array     error:" & @error)
   Exit
EndIf

;For $x = 1 to $aRecords[0]
;    Msgbox(0,'Record:' & $x, $aRecords[$x])
;Next
; Strip the quotes from the third line, then cut out the header fields by position.
$x = StringReplace($aRecords[3], '"', '')
Global $date = StringLeft($x, 6)
Global $time = StringMid($x, 8, 8)
; Start one character past the space so the values carry no leading blank.
Global $hostname = StringMid($x, StringInStr($x, " ", 0, 3) + 1, StringInStr($x, " ", 0, 4) - StringInStr($x, " ", 0, 3) - 1)
Global $eventType = StringMid($x, StringInStr($x, " ", 0, 4) + 1, StringInStr($x, "<", 0, 1) - StringInStr($x, " ", 0, 4) - 1)
; Everything between a '>' and the next '<', i.e. the fields between the <009> markers.
Global $rest_A = _SRE_Between($x, '>', '<', 1)
Global $array[7] = ['', "Date: " &  $date, 'Time: ' & $time, 'Hostname: ' & $hostname, 'Event Type: ' & $eventType,   'Criticality: ' & $rest_A[0], 'Event Log: ' & $rest_A[1]]

For $i = 1 To UBound($array) - 1
    ConsoleWrite($array[$i] & @CR)
Next
;_FileWriteFromArray(@ScriptDir & '\3LinesAuswertung.txt', 
_ArrayDisplay($array, "")
_ArrayDisplay($rest_A, "")

Func _SRE_Between($s_String, $s_Start, $s_End, $i_ReturnArray = 0); $i_ReturnArray returns an array of all found if it = 1, otherwise default returns first found
    Local $a_Array = StringRegExp($s_String, '(?:' & $s_Start & ')(.*?)(?:' & $s_End & ')', 3)
    If Not @error And Not $i_ReturnArray And IsArray($a_Array) Then Return $a_Array[0]
    If IsArray($a_Array) Then Return $a_Array
EndFunc

So long,

Mega

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times
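
A complete version of the conversion asked for above, as an added example that is not code from the thread: it splits the record on the `<009>` marker instead of cutting by position and writes the labelled report to a new file. The function name `_SnareToReport` and the output file `3LinesReport.txt` are hypothetical, and the marker is assumed to be the literal text `<009>` (a real tab is accepted too).

```autoit
; Added example, not code from the thread. The output file name is a placeholder.
#include <File.au3>

Func _SnareToReport($sHostIP, $sRecord)
    ; Labels for the fields after the syslog header, in record order.
    ; The empty label marks the field the requested report leaves out.
    Local $aLabels[14] = ["Criticality", "Event Log", "SNARE Event Counter", _
            "DateTime", "EventID", "Source", "Username", "SIDType", "EventLogType", _
            "ComputerName", "CategoryString", "", "EventDescription", "ExpandedString"]
    ; Drop the quotes; accept a real tab as well as the literal "<009>" text.
    $sRecord = StringReplace(StringReplace($sRecord, '"', ''), @TAB, "<009>")
    Local $aParts = StringSplit($sRecord, "<009>", 1) ; flag 1: whole string is the delimiter
    ; Refuse records with an unexpected field count rather than mislabel them.
    If $aParts[0] <> UBound($aLabels) + 1 Then Return SetError(1, $aParts[0], "")
    ; Header is "Mon dd hh:mm:ss host tag"; \s+ copes with the padded day in "Jul  1".
    Local $aHead = StringRegExp(StringStripWS($aParts[1], 3), _
            "^(\w{3}\s+\d{1,2})\s+(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)$", 1)
    If @error Then Return SetError(2, 0, "")
    Local $sOut = "Host IP Address: " & StringStripWS(StringReplace($sHostIP, '"', ''), 3) & @CRLF
    $sOut &= "Date: " & $aHead[0] & @CRLF & "Time: " & $aHead[1] & @CRLF
    $sOut &= "Hostname: " & $aHead[2] & @CRLF & "Event Type: " & $aHead[3] & @CRLF
    For $i = 0 To UBound($aLabels) - 1
        If $aLabels[$i] = "" Then ContinueLoop
        $sOut &= $aLabels[$i] & ": " & StringStripWS($aParts[$i + 2], 3) & @CRLF
    Next
    Return $sOut
EndFunc

Local $aLines
If Not _FileReadToArray(@ScriptDir & "\3Lines.txt", $aLines) Then Exit 1
If $aLines[0] < 3 Then Exit 1
Local $sReport = _SnareToReport($aLines[1], $aLines[3])
If @error Then
    MsgBox(16, "Parse error", "Unexpected record layout in 3Lines.txt")
    Exit 2
EndIf
Local $hOut = FileOpen(@ScriptDir & "\3LinesReport.txt", 2) ; 2 = overwrite
FileWrite($hOut, $sReport)
FileClose($hOut)
```

The DateTime line is written with the year, exactly as it appears in the record.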


I'm not 100% sure, seeing as I only just started using the program, but I think the StringRegExp is a BETA only function.

Go to the downloads page again, and scroll down, get the beta of AutoIT. Install it, and then use its "execute script" function on the file.

Hope that helps.

/tAK


HI,

when Scite tells you, that the func isn't known then it is nearly always the problem that you are trying to use a beta func in a non beta script.

So long,

Mega

PS: Hope the little script does what you wanted, now that you can run it.


The script functions very well on my machine, but I need to use the script on another one. I have compiled and transferred the exe, but the program does not function!

HI,

which error occurs? What happens?

So long,

Mega


Hi,

try MsgBox(0,"",UBound($rest_A))

So long,

Mega
