Perl > don't overwrite or stop if already present.

jboy4 · 02-27-2012, 09:58 AM

Hi i have a Pcap reader i did in perl but i am very new to perl. I have been running the script on tcp dumps manually and deleting the old ones after they are put into my table on mysql. The code does all this but i need help to either have it added to move the file it dumps or the code to not add a file that has already been added.

Could someone help me understand which method should be used and help by adding it to my code?

MY ORIGINAL PCAP READER-

Code:

#!/usr/bin/perl


 use DBI;
 use Net::TcpDumpLog;
 use NetPacket::Ethernet;
 use NetPacket::IP;
 use NetPacket::TCP;
 use Net::Pcap;
 use strict;
 use warnings;

my $log;


#Login to mysql
  my $dbh = DBI->connect('DBI:mysql:events:10.1.10.129', 'root', 'root'
	           ) || die "Could not connect to +database: $DBI::errstr";

  my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';


            opendir(DIR, $dir) or die $!;

     while (my $file = readdir(DIR)) {


#Use a regular expression to find files ending in .pcap
        next unless ($file =~ m/\.pcap$/);

 $log = Net::TcpDumpLog->new();
 $log->read("$dir/$file");



#INFO from PCAP file
          foreach my $index ($log->indexes) {
  my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
  my $data = $log->data($index);



  my $eth_obj = NetPacket::Ethernet->decode($data);
        next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;


  my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
        next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

  my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});





#Get date time stamp of packet
  my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
    $mon+=1;
  my $time = sprintf("%02d-%02d %02d:%02d:%02d",
    $mon, $mday, $hour, $min, $sec);





#Info in Table

 $dbh->do( "INSERT INTO  TCPdump (Date,Source,Destination,Packets,Port,Server)
                        values (
                        '$time',
                        '$ip_obj->{src_ip}',
                        '$ip_obj->{dest_ip}',
                        '$ip_obj->{len}',
                        '$tcp_obj->{dest_port}',
                        'agslnx1')");

  }

  close(DIR)

  }

Cedrik · 02-27-2012, 10:25 AM

Maybe move the file in another directory after it has been processed ?

Code:

my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

# dir to store already processed files
my $bdir = 'C:/Documents and Settings/jordant/Desktop/Backup';
...
...
 rename "$dir/$file", "$bdir/$file";
 }

 close(DIR);

}

jboy4 · 02-27-2012, 05:03 PM

That would be one way but is there a way i could run it and it wouldnt over write my old ones?

Quote:

Originally Posted by Cedrik

Maybe move the file in another directory after it has been processed ?

Code:

my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

# dir to store already processed files
my $bdir = 'C:/Documents and Settings/jordant/Desktop/Backup';
...
...
 rename "$dir/$file", "$bdir/$file";
 }

 close(DIR);

}

Cedrik · 02-27-2012, 06:12 PM

I don't see where the script overwrite the file (??)

jboy4 · 02-28-2012, 08:09 AM

It doesn't really overwrite the file. This is what i mean when i say that. The information is getting put into a mySQL database table that i created. If you happen to have that pcap file already in the mySQL database it will still read that pcap file and put into mySQL table. Thus making it have the same entry twice in the database.

Cedrik · 02-28-2012, 08:47 AM

If you move the file into another dir after the mysql query like I suggested, there should not be any duplicated mysql records

jboy4 · 02-29-2012, 10:10 AM

Yep i was just thinking for saftey reasons if something happend to be in there twice so it wouldnt duplicate info. I did use what you put tho and for now it seems to be working wonderfully. Thank You so much.