log analysis with perl and wireshark decode.

2010-04-11 1 min read Linux

Here is something I had to put together in a couple of hours to check some logs. The log file printed the Received and Sent messages in hex, and I had to verify that the messages were correct. Here is how to do it.

use strict;
use warnings;

open(my $fp, '<', $ARGV[0]) || die "File $ARGV[0] does not exist: $!";
while (my $line = <$fp>)
{
    if ($line =~ /(Received :)|(Sending :)/)
    {
        # Split the log line into whitespace-separated fields (assumed layout);
        # the message is the pipe-delimited fifth field and its hex body is the
        # second pipe-separated part of that field.
        my @fields   = split(/\s+/, $line);
        my @words    = split(/\|/, $fields[4]);
        my $received = $words[1];

        # Convert $received to pcap using proprietary software (that step is not
        # shown here), then let tshark decode the result. The grep expression only
        # displays the fields of interest.
        system("tshark -r /tmp/amit.pcap -V | grep -E -i 'Amit|Agarwal'");
    }
}
close($fp);
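The step the script above leaves to proprietary software, turning the hex strings from the log into a pcap that tshark can read, can be done with a few dozen lines of standard-library Python. The example below is added here and is not code from the original post: it parses constructed sample log lines (the `Received :|<hex>|` field layout, the 10.0.0.x addresses and the port numbers are all assumptions), wraps each payload in synthetic Ethernet/IPv4/UDP headers so tshark has something to dissect, and rejects malformed hex fields instead of silently dropping them.

```python
import re
import socket
import struct
import sys

# Constructed sample log lines in the style the post describes (hex payload in a
# pipe-delimited field). The last line has a malformed hex field on purpose.
SAMPLE_LOG = """\
2010-04-11 10:15:01 INFO Received :|48656c6c6f2c20736572766572|peer=10.0.0.5
2010-04-11 10:15:02 INFO Sending :|48656c6c6f2c20636c69656e74|peer=10.0.0.5
2010-04-11 10:15:03 INFO heartbeat ok
2010-04-11 10:15:04 INFO Received :|4142g|peer=10.0.0.5
"""

MSG_RE = re.compile(r'(Received|Sending) :\|([^|]*)\|')

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def parse_hex_messages(text):
    """Return ([(direction, payload_bytes)], [(lineno, bad_hex)]) for a log text.
    Odd-length or non-hex fields are reported rather than dropped silently."""
    messages, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = MSG_RE.search(line)
        if not m:
            continue
        direction, hexstr = m.group(1), m.group(2).strip()
        try:
            payload = bytes.fromhex(hexstr)
        except ValueError:
            bad.append((lineno, hexstr))
            continue
        messages.append((direction, payload))
    return messages, bad


def ip_checksum(header):
    """RFC 1071 ones-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b'\0'
    total = sum(struct.unpack('!%dH' % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(payload, src_ip, dst_ip, sport, dport):
    """Wrap an application payload in synthetic Ethernet/IPv4/UDP headers.
    The UDP checksum is left at 0 (meaning 'not computed'), which tshark accepts."""
    udp_len = 8 + len(payload)
    udp = struct.pack('!HHHH', sport, dport, udp_len, 0) + payload
    total_len = 20 + udp_len
    ip_wo_csum = struct.pack('!BBHHHBBH4s4s', 0x45, 0, total_len, 0, 0x4000, 64, 17, 0,
                             socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip_wo_csum[:10] + struct.pack('!H', ip_checksum(ip_wo_csum)) + ip_wo_csum[12:]
    # Locally administered, constructed MAC addresses and the IPv4 ethertype.
    eth = b'\x02\x00\x00\x00\x00\x02' + b'\x02\x00\x00\x00\x00\x01' + b'\x08\x00'
    return eth + ip + udp


def build_pcap(frames, base_ts=1270979701):
    """Serialize frames into a classic big-endian libpcap file, one second apart."""
    out = [struct.pack('!IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack('!IIII', base_ts + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b''.join(out)


def log_to_pcap(text, client='10.0.0.5', server='10.0.0.1', port=5000):
    """'Received' is client->server and 'Sending' is server->client, as seen by
    the logging host. Addresses and ports are assumed values for illustration."""
    messages, bad = parse_hex_messages(text)
    frames = []
    for direction, payload in messages:
        if direction == 'Received':
            frames.append(build_udp_frame(payload, client, server, 40000, port))
        else:
            frames.append(build_udp_frame(payload, server, client, port, 40000))
    return build_pcap(frames), bad


if __name__ == '__main__':
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    pcap, bad = log_to_pcap(text)
    with open('/tmp/messages.pcap', 'wb') as fh:
        fh.write(pcap)
    for lineno, hexstr in bad:
        print('line %d: malformed hex field %r skipped' % (lineno, hexstr))
    print('wrote /tmp/messages.pcap; decode the payload with, for example:')
    print('  tshark -r /tmp/messages.pcap -V -d udp.port==5000,<dissector-name>')
```

Because the payload is carried as UDP on an arbitrary port, tshark will only show it as raw data until you tell it which dissector to apply with `-d udp.port==5000,<dissector-name>`; pick the protocol the logged application actually speaks. The malformed-field report matters in practice: a truncated hex string in a log is usually the message you most want to look at.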

Another technique that is quite helpful is to use a different color for grep matches when you are searching for errors or warnings. The variable has to be set for the grep process itself (a bare assignment followed by && does not reach a later pipeline stage), for example:

tshark -r /tmp/amit.pcap -V | GREP_COLOR="01;31" grep --color=always -E -i 'error|warning'

Newer GNU grep releases deprecate GREP_COLOR in favour of GREP_COLORS, where the same bold red match color is written as GREP_COLORS="mt=01;31".
