log analysis with perl and wireshark decode.

Here is something I had to do in a couple of hours to check some logs. The problem was that the log file printed the Received and Sent messages as hex strings, and I had to verify that the messages were correct. Here is how to do it.

open(FP, "<$ARGV[0]") || die "File $ARGV[0] does not exist";
while ($line = <FP>)
{
    if ($line =~ /(Received :)|(Sending :)/)
    {
        @words = split(/\|/, $line);   # log fields are pipe-separated
        $received = $words[1];         # the hex-encoded message body

        # Convert $received to pcap using proprietary software (that step is not shown here).
        # Then decode the pcap with tshark; the grep expression only displays the fields of interest.
        system("tshark -r /tmp/amit.pcap -V | grep -E -i 'Amit|Agarwal'");
    }
}
close(FP);
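As an added example (my own code, not the post's, and in Python rather than Perl), the same log walk with the "convert to pcap" step done in the open: pull the hex field out of every Received/Sending line, skip entries whose hex is malformed instead of aborting, and write a classic libpcap file that `tshark -r` can decode. The pipe-separated log layout, the sample lines and the raw-IP link type are assumptions.

```python
import re
import struct

# Constructed sample log (not from the original post): pipe-separated fields,
# field 1 carries the hex-encoded message (here a raw IPv4/UDP datagram).
SAMPLE_LOG = """\
12:00:01 Received :|4500001e00010000401100000a0000010a00000213881389000a00006869|peer-a
12:00:02 Sending :|4500001e00020000401100000a0000020a00000113891388000a00006f6b|peer-a
12:00:03 Heartbeat ok
12:00:04 Received :|zz not hex|peer-b
"""

MARKER = re.compile(r"(Received|Sending) :")
LINKTYPE_RAW = 101  # raw IP, no link-layer header: tshark dissects IP directly


def parse_log(text):
    """Return (direction, payload_bytes) for each decodable message line.
    Lines without the marker are ignored; malformed hex (odd length or
    non-hex characters) is skipped so one bad entry does not stop the run."""
    packets = []
    for line in text.splitlines():
        m = MARKER.search(line)
        if not m:
            continue
        fields = line.split("|")
        if len(fields) < 2:
            continue
        try:
            payload = bytes.fromhex(fields[1].strip())
        except ValueError:
            continue  # malformed hex field: skip this entry
        packets.append((m.group(1), payload))
    return packets


def build_pcap(packets, linktype=LINKTYPE_RAW):
    """Serialise packets into a libpcap 2.4 byte stream (little-endian)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts_sec, (_direction, payload) in enumerate(packets):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts_sec, 0, len(payload), len(payload))
        out += payload
    return out


if __name__ == "__main__":
    pkts = parse_log(SAMPLE_LOG)
    with open("/tmp/messages.pcap", "wb") as fh:
        fh.write(build_pcap(pkts))
```

The resulting file decodes with `tshark -r /tmp/messages.pcap -V`, which is the point where the original post's grep filtering takes over.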

Another technique that is quite helpful is to use a different colour for grep matches when you are searching for errors or warnings. GREP_COLOR is only honoured by GNU grep when colouring is switched on, so export it and pass --color to grep:

export GREP_COLOR="01;31"
tshark command | grep --color=always -E -i 'error|warning'

Newer GNU grep releases prefer GREP_COLORS="mt=01;31" for the same effect.
