LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 02-27-2012, 09:58 AM   #1
jboy4
LQ Newbie
 
Registered: Feb 2012
Posts: 6

Rep: Reputation: Disabled
Perl > don't overwrite or stop if already present.


Hi i have a Pcap reader i did in perl but i am very new to perl. I have been running the script on tcp dumps manually and deleting the old ones after they are put into my table on mysql. The code does all this but i need help to either have it added to move the file it dumps or the code to not add a file that has already been added.

Could someone help me understand which method should be used and help by adding it to my code?


MY ORIGINAL PCAP READER-

Code:
#!/usr/bin/perl


 use DBI;
 use Net::TcpDumpLog;
 use NetPacket::Ethernet;
 use NetPacket::IP;
 use NetPacket::TCP;
 use Net::Pcap;
 use strict;
 use warnings;

my $log;


#Login to mysql
  my $dbh = DBI->connect('DBI:mysql:events:10.1.10.129', 'root', 'root'
	           ) || die "Could not connect to +database: $DBI::errstr";

  my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';


            opendir(DIR, $dir) or die $!;

     while (my $file = readdir(DIR)) {


#Use a regular expression to find files ending in .pcap
        next unless ($file =~ m/\.pcap$/);

 $log = Net::TcpDumpLog->new();
 $log->read("$dir/$file");



#INFO from PCAP file
          foreach my $index ($log->indexes) {
  my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
  my $data = $log->data($index);



  my $eth_obj = NetPacket::Ethernet->decode($data);
        next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;


  my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
        next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

  my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});





#Get date time stamp of packet
  my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
    $mon+=1;
  my $time = sprintf("%02d-%02d %02d:%02d:%02d",
    $mon, $mday, $hour, $min, $sec);





#Info in Table

 $dbh->do( "INSERT INTO  TCPdump (Date,Source,Destination,Packets,Port,Server)
                        values (
                        '$time',
                        '$ip_obj->{src_ip}',
                        '$ip_obj->{dest_ip}',
                        '$ip_obj->{len}',
                        '$tcp_obj->{dest_port}',
                        'agslnx1')");

  }

  close(DIR)

  }

Last edited by jboy4; 02-27-2012 at 09:59 AM.
 
Old 02-27-2012, 10:25 AM   #2
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 243Reputation: 243Reputation: 243
Maybe move the file in another directory after it has been processed ?
Code:
my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

# dir to store already processed files
my $bdir = 'C:/Documents and Settings/jordant/Desktop/Backup';
...
...
 rename "$dir/$file", "$bdir/$file";
 }

 close(DIR);

}
 
Old 02-27-2012, 05:03 PM   #3
jboy4
LQ Newbie
 
Registered: Feb 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
That would be one way but is there a way i could run it and it wouldnt over write my old ones?


Quote:
Originally Posted by Cedrik View Post
Maybe move the file in another directory after it has been processed ?
Code:
my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

# dir to store already processed files
my $bdir = 'C:/Documents and Settings/jordant/Desktop/Backup';
...
...
 rename "$dir/$file", "$bdir/$file";
 }

 close(DIR);

}
 
Old 02-27-2012, 06:12 PM   #4
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 243Reputation: 243Reputation: 243
I don't see where the script overwrite the file (??)
 
Old 02-28-2012, 08:09 AM   #5
jboy4
LQ Newbie
 
Registered: Feb 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
It doesn't really overwrite the file. This is what i mean when i say that. The information is getting put into a mySQL database table that i created. If you happen to have that pcap file already in the mySQL database it will still read that pcap file and put into mySQL table. Thus making it have the same entry twice in the database.
 
Old 02-28-2012, 08:47 AM   #6
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 243Reputation: 243Reputation: 243
If you move the file into another dir after the mysql query like I suggested, there should not be any duplicated mysql records
 
Old 02-29-2012, 10:10 AM   #7
jboy4
LQ Newbie
 
Registered: Feb 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
Yep i was just thinking for saftey reasons if something happend to be in there twice so it wouldnt duplicate info. I did use what you put tho and for now it seems to be working wonderfully. Thank You so much.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Headphones don't work unless they are present at boot time... BallsOfSteel Linux - Laptop and Netbook 2 10-11-2008 05:16 PM
print don't want to stop ... MargNat Linux - General 1 12-11-2006 09:25 AM
Help installing FC6 on an external HD E:, don't wanna overwrite XP on C: creativename Fedora - Installation 3 11-03-2006 02:55 AM
Are there suppose to be MySQL processes that don't stop? linuxboy69 Linux - Software 0 09-10-2004 04:12 PM
how to stop programs i don't need starting up when booting? Jestrik Linux - Newbie 5 12-22-2003 11:03 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 03:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration