-
Notifications
You must be signed in to change notification settings - Fork 2
/
last_parse.pl
executable file
·114 lines (82 loc) · 2.96 KB
/
last_parse.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/perl
# $Id$
# $Author$
=pod
=head1 NAME
B<last_parse.pl> - parse the output of C<last -a -d>
=head1 DESCRIPTION
This should print out some text when called with C<pod2usage> from
L<Pod::Usage>.
=cut
use strict;
use warnings;
use Parse::RecDescent;
#$::RD_TRACE = 1;
$::RD_HINT = 1;
my $parser = Parse::RecDescent->new(<<'EOG'
# startup action
{ my $returned_text; }
wtmp : session(s) { $return = \$returned_text }
| logged_in(s) { $return = \$returned_text }
| reboot(s) { $return = \$returned_text }
| down(s) { $return = \$returned_text }
| begins { $return = \$returned_text }
session : login_name pseudoterm day_of_week month date
login_time dash logout_time session_total login_host
logged_in : login_name pseudoterm day_of_week month date
login_time still_logged_in_text login_host
reboot : reboot_text system_boot_text day_of_week month date
login_time session_total login_host
down : login_name pseudoterm day_of_week month date
login_time dash down_text session_total login_host
begins : wtmp_begins_text day_of_week month date wtmp_time year
# simple rules that don't need any regexes
dash : /-/
still_logged_in_text : /still logged in/
down_text : /down/
reboot_text : /reboot/
system_boot_text : /system boot/
wtmp_begins_text: /wtmp begins/
# more complext rules that need regexes
login_name : /^\w+/
# { $returned_text = $item[1];
# print $item[0] . q( -> ) . $item[1] . "\n"}
{ $returned_text = $item[1]; }
pseudoterm : /^\w+\/\d/ | /tty\d+/
# { $returned_text .= '|' . $item[1];
# print $item[0] . q( -> ) . $item[1] . "\n"}
{ $returned_text .= '|' . $item[1]; }
day_of_week: /\w+/
{ $returned_text .= '|' . $item[1]; }
month: /\w+/
{ $returned_text .= '|' . $item[1]; }
date: /\d+/
{ $returned_text .= '|' . $item[1]; }
year: /\d\d\d\d/
{ $returned_text .= '|' . $item[1]; }
login_time: /\d\d:\d\d/
{ $returned_text .= '|' . $item[1]; }
logout_time: /\d\d:\d\d/
{ $returned_text .= '|' . $item[1]; }
wtmp_time: /\d\d:\d\d:\d\d/
{ $returned_text .= '|' . $item[1]; }
session_total: /\(\d+?\+?\d+:\d+\)/
{ $returned_text .= '|' . $item[1]; }
login_host: /\d+\.\d+\.\d+\.\d+/
{ $returned_text .= '|' . $item[1]; }
EOG
) or die q(ERROR: bad Parse::RecDescent grammar);
#my $text = do { local $/; <> };
#$parser->wtmp($text) or print qq(No wtmp records found\n);
foreach my $line ( <STDIN> ) {
$line =~ s/\s+/ /g;
print q(=-) x 30 . qq(=\n);
print qq(line is: $line\n);
my $parser_return = $parser->wtmp($line);
if ( ! defined $parser_return ) {
print qq(line did not match\n);
} else {
my $return = $$parser_return;
print qq(Parsed line: ) . $return . qq(\n);
} # if ( ! defined $parser_return )
} # foreach my $line ( <STDIN> )