giorg70 Posted July 22, 2006 (edited)

Is it possible to read a file containing 3 lines with this format, generated by a syslog agent and delivered via mail by Kiwi Syslog Server with a custom action:

First line of original file:

    "192.168.3.253"

Second line: blank

Third line:

    "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"

manipulating the lines by deleting the ", replacing <009> with a CR and adding some text, to obtain this format in a new file?

    Host IP Address: 192.168.3.253
    Date: Jul 21
    Time: 18:19:02
    Hostname: gs-fw.gsistema.local
    Event Type: MSWinEventLog
    Criticality: 4
    Event Log: Application
    SNARE Event Counter: 44
    DateTime: Fri Jul 21 18:19:02
    EventID: 15104
    Source: Microsoft Firewall
    Username: Unknown User
    SIDType: N/A
    EventLogType: Warning
    ComputerName: GS-FW
    CategoryString: Disk
    EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.
    ExpandedString: 42

Is it possible with AutoIT? Any suggestions? What functions are useful to do this?

P.S. The original file is always in this format regarding the content; for example, the number of <009> is always 12. The Event Type or Computer Name is always in the same position.

Many thanks

Edited July 22, 2006 by giorg70

Xenobiologist Posted July 23, 2006

Hi,

this should show you how to do it. It is nearly complete. Should be no prob to finish it for you.

    ; 3Lines.txt, line 3:
    ; "Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"

    ; Wanted output:
    ;Date: Jul 21
    ;Time: 18:19:02
    ;Hostname: gs-fw.gsistema.local
    ;Event Type: MSWinEventLog
    ;Criticality: 4
    ;Event Log: Application
    ;SNARE Event Counter: 44
    ;DateTime: Fri Jul 21 18:19:02
    ;EventID: 15104
    ;Source: Microsoft Firewall
    ;Username: Unknown User
    ;SIDType: N/A
    ;EventLogType: Warning
    ;ComputerName: GS-FW
    ;CategoryString: Disk
    ;EventDescription: ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048.

    #include <file.au3>
    #include <array.au3>

    Dim $aRecords
    ; Read the file into $aRecords; $aRecords[0] holds the number of lines
    If Not _FileReadToArray(@ScriptDir & '\3Lines.txt', $aRecords) Then
        MsgBox(4096, "Error", " Error reading log to Array error:" & @error)
        Exit
    EndIf

    ;For $x = 1 to $aRecords[0]
    ;    Msgbox(0,'Record:' & $x, $aRecords[$x])
    ;Next

    ; Strip the double quotes from the event line (third line of the file)
    $x = StringReplace($aRecords[3], '"', '')

    Global $date = StringLeft($x, 6)
    Global $time = StringMid($x, 8, 8)
    ; +1 / -1 so that the delimiting space is not part of the value
    Global $hostname = StringMid($x, StringInStr($x, " ", 0, 3) + 1, StringInStr($x, " ", 0, 4) - StringInStr($x, " ", 0, 3) - 1)
    Global $eventType = StringMid($x, StringInStr($x, " ", 0, 4) + 1, StringInStr($x, "<", 0, 1) - StringInStr($x, " ", 0, 4) - 1)
    ; All values found between a '>' and the next '<', i.e. between two <009> markers
    Global $rest_A = _SRE_Between($x, '>', '<', 1)
    If Not IsArray($rest_A) Or UBound($rest_A) < 2 Then
        MsgBox(4096, "Error", "No <009>-separated fields found")
        Exit
    EndIf

    Global $array[7] = ['', "Date: " & $date, 'Time: ' & $time, 'Hostname: ' & $hostname, 'Event Type: ' & $eventType, 'Criticality: ' & $rest_A[0], 'Event Log: ' & $rest_A[1]]

    For $i = 1 To UBound($array) - 1
        ConsoleWrite($array[$i] & @CR)
    Next

    ;_FileWriteFromArray(@ScriptDir & '\3LinesAuswertung.txt', $array, 1)
    _ArrayDisplay($array, "")
    _ArrayDisplay($rest_A, "")

    ; $i_ReturnArray = 1 returns an array of all matches, otherwise only the first match is returned
    Func _SRE_Between($s_String, $s_Start, $s_End, $i_ReturnArray = 0)
        $a_Array = StringRegExp($s_String, '(?:' & $s_Start & ')(.*?)(?:' & $s_End & ')', 3)
        If Not @error And Not $i_ReturnArray And IsArray($a_Array) Then Return $a_Array[0]
        If IsArray($a_Array) Then Return $a_Array
    EndFunc

So long,

Mega

Scripts & functions
Organize Includes: Let Scite organize the include files
Yahtzee: The game "Yahtzee" (Kniffel, DiceLion)
LoginWrapper: Secure scripts by adding a query (authentication)
_RunOnlyOnThis UDF: Make sure that a script can only be executed on ... (Windows / HD / ...)
Internet-Café Server/Client Application: Open CD, Start Browser, Lock remote client, etc.
MultipleFuncsWithOneHotkey: Start different funcs by hitting one hotkey different times

giorg70 Posted July 24, 2006

I'm very much a newbie but I'm working on it.

Many thanks

giorg70 Posted July 26, 2006

There is one error:

    $a_Array = StringRegExp($s_String, '(?:' & $s_Start & ')(.*?)(?:' & $s_End & ')', 3)
    $a_Array = ^ ERROR

tAKTelapis Posted July 26, 2006

I'm not 100% sure, seeing as I only just started using the program, but I think StringRegExp is a BETA-only function.

Go to the downloads page again, scroll down, and get the beta of AutoIT. Install it, and then use its "execute script" function on the file.

Hope that helps.

/tAK

giorg70 Posted July 26, 2006

OK, it's a beta function.

Thank you very much

Xenobiologist Posted July 26, 2006

Hi,

when Scite tells you that the func isn't known, then it is nearly always the problem that you are trying to use a beta func in a non-beta script.

So long,

Mega

PS: Hope the little script does what you wanted, now that you can run it.

giorg70 Posted July 26, 2006

If I need to replace the file reading with two arguments, what kind of modifications do I need to make?

I need to substitute $aRecords[1] with the first argument and $aRecords[3] with the 2nd argument!!!!

giorg70 Posted July 26, 2006 (edited)

The script functions very well on my machine, but I need to use the script on another one.

I have compiled and transferred the exe but the program does not function!!!!!

Edited July 26, 2006 by giorg70

Xenobiologist Posted July 26, 2006

> The script functions very well on my machine, but I need to use the script on another one.
> I have compiled and transferred the exe but the program does not function!!!!!

Hi,

which error occurs? What happens?

So long,

Mega

giorg70 Posted July 26, 2006

No errors, but the program does not perform any operations and remains active in Task Manager!!!!!

giorg70 Posted July 26, 2006

The error arises when the string "<009><009>" exists in the event and the array has length 11 and not 12!!!!!!

giorg70 Posted July 26, 2006

I need to know the exact number of $rest_A components. I try to use $rest_A[0] but the number is not right!!! Why?

Xenobiologist Posted July 26, 2006

Hi,

try

    MsgBox(0,"",UBound($rest_A))

So long,

Mega
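
One way to keep the fields aligned when "<009><009>" appears, and to get a dependable field count, is to split on the literal "<009>" marker and check the count before labelling anything. This is an added example, not code from any poster in the thread; _ParseSnareLine and $EXPECTED_FIELDS are hypothetical names, and the expected count of 15 fields is taken from the sample line in the first post.

```autoit
; Added example, not from the thread. _ParseSnareLine and $EXPECTED_FIELDS are hypothetical names.
Global Const $EXPECTED_FIELDS = 15 ; the thread's sample line has 14 "<009>" markers

Func _ParseSnareLine($sHostIp, $sLine)
    $sLine = StringReplace($sLine, '"', '')
    ; Flag 1 = use the whole "<009>" string as the delimiter; empty fields are kept
    Local $aF = StringSplit($sLine, "<009>", 1)
    ; Reject lines with missing or extra fields instead of mislabelling them
    If $aF[0] <> $EXPECTED_FIELDS Then Return SetError(1, $aF[0], "")
    ; Header: "Jul 21 18:19:02 host MSWinEventLog" (tolerates a space-padded day)
    Local $aH = StringRegExp($aF[1], '^(\S+\s+\S+)\s+(\S+)\s+(\S+)\s+(\S+)$', 1)
    If @error Then Return SetError(2, 0, "")
    ; Labels by field index; '' marks a field that is not printed
    Local $aLabels[16] = ['', '', 'Criticality', 'Event Log', 'SNARE Event Counter', _
            'DateTime', 'EventID', 'Source', 'Username', 'SIDType', 'EventLogType', _
            'ComputerName', 'CategoryString', '', 'EventDescription', 'ExpandedString']
    Local $sOut = 'Host IP Address: ' & StringReplace($sHostIp, '"', '') & @CRLF & _
            'Date: ' & $aH[0] & @CRLF & 'Time: ' & $aH[1] & @CRLF & _
            'Hostname: ' & $aH[2] & @CRLF & 'Event Type: ' & $aH[3] & @CRLF
    For $i = 2 To $aF[0]
        ; Field 13 (empty in the sample) has no label in the requested output
        If $aLabels[$i] = '' Then ContinueLoop
        $sOut &= $aLabels[$i] & ': ' & StringStripWS($aF[$i], 3) & @CRLF
    Next
    Return $sOut
EndFunc

; Constructed input: lines 1 and 3 of the file quoted in the first post
Global $sIp = '"192.168.3.253"'
Global $sLog = '"Jul 21 18:19:02 gs-fw.gsistema.local MSWinEventLog<009>4<009>Application<009>44<009>Fri Jul 21 18:19:02 2006<009>15104<009>Microsoft Firewall<009>Unknown User<009>N/A<009>Warning<009>GS-FW<009>Disk<009><009>ISA Server detected a port scan attack from Internet Protocol (IP) address 85.204.225.178. A well-known port is any port in the range of 1-2048. <009>42"'
; Optional: take both values from the command line, as asked later in the thread
If $CmdLine[0] >= 2 Then
    $sIp = $CmdLine[1]
    $sLog = $CmdLine[2]
EndIf

Global $sReport = _ParseSnareLine($sIp, $sLog)
If @error Then
    ConsoleWrite('Rejected line: error ' & @error & ', fields found ' & @extended & @CRLF)
Else
    ConsoleWrite($sReport)
EndIf
```

StringSplit stores the element count in index 0, while the array returned by StringRegExp with flag 3 is zero-based, so its size comes from UBound.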