Member Avatar for larryperl

Hi,

I am writing a perl script and need some in extracting some data. Basically it is a Log Analyzer and there are multiple log files from where the data comes.

i am done with the grep part of the userID with this code-

#!/usr/bin/perl -w
open(VALUE, "< arcotwebfort_20May09_00_03_55.log");
@stock = <VALUE>; 
@matches = (grep(/$username/, @stock));
print @matches;

it gave me this output--
Tue May 19 23:46:29.946 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10088781: ArAuthFrameworkImpl::doPreAuth::1:10088781:: Authentication mechanism returned [0] for AuthIdentity [01402629;ARCARD]
Tue May 19 23:46:29.946 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10088781: ArAuthFrameworkImpl::doAuth::1:10088781:: Authentication mechanism returned [1] for AuthIdentity [01402629;ARCARD]
Tue May 19 23:46:29.946 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10088781: ArAuthFrameworkImpl::doPostAuth::1:10088781:: Authentication mechanism returned [1] for AuthIdentity [01402629]
Tue May 19 23:47:14.149 2009 Morocco Standard Time INFO:    pid 2172 tid 3352: 17: 10088815: ArAuthFrameworkImpl::doPreAuth::1:10088815:: Authentication mechanism returned [0] for AuthIdentity [01402629;ARCARD]
Tue May 19 23:47:14.165 2009 Morocco Standard Time INFO:    pid 2172 tid 3352: 17: 10088815: ArAuthFrameworkImpl::doAuth::1:10088815:: Authentication mechanism returned [1] for AuthIdentity [01402629;ARCARD]
Tue May 19 23:47:14.165 2009 Morocco Standard Time INFO:    pid 2172 tid 3352: 17: 10088815: ArAuthFrameworkImpl::doPostAuth::1:10088815:: Authentication mechanism returned [1] for AuthIdentity [01402629]

i got the sessionID's from this,they are-10088781,10088815. like this there are plenty of sessionID related to a single user.

i collected this information in an array @matches. now i want to take sessionID's from this array and search for the sessionID in the logfile which AuthMechanism it belongs to.
There are three-four AuthMechanism to which a user can belong.they are--
QnAModule::authenticate
UPAuthModule::authenticate
UPAuthModule::authenticate

On the basis of these mechanisms i need to know the user belongs to which mechanism. This part is very tricky for me and i am stuck here as i am not well wersed with Perl and learning it.
I will upload my logfile. please suggest me to proceed further.
If my questions are not clear to you please let me know i will try to explain them better.Please help me in proceeding further, i am also trying to write it myself.
What i want is what the given user is doing in the session id and the session id is related to which mechanism.

So let say my script takes username as arguememnt, i am able to print all the information that is related to that user with sessionID's. this sessionID is related to diffrent Authentication mechanism mentioned earlier.The user can belong to any or all mechanisms.my basic criteria is that the user belongs to which mechanism and he is doing what(data related to the username in mechanisms)
The output should be like this--

say i gave the input username as 01018603, i will be able to get the output as--
the example belongs to one AuthMechanism ie QnA
Quote:
if [ sessionID_No_Got_from_the_username_list == QnA sessionID ]; then
print all the data inside that sessionID that relates to user with timestamp
print this also
Handle_NSPAdvice:: Handling NSPAdvice for mechanism [2] with time stamp.

Any advice on the script or help will be very greatful.
Thanks
NT

  • 1 Contributor
  • 1 Reply
  • 339 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by larryperl
Member Avatar for larryperl

Hi,

I am explaing these question as this will be easy to understand the problem-
1. How are you relating session ids to users? Is the user id listed in the logfile or do you have a separate list?

2. How are the session ids related to authentication methods? Again, is this information available in the logfile or do you have a separate list?

:

1.. Yes userID is is listed in the logfile by name userName. When we search for the userName, it gives us details about the userName and which sessionID's it belongs.SessionID comes after tid value and leaving one more field after that,consisting of 8digits. each seesion id gives us the details about which mechanism it belongs to.
2. Each sessionID belongs to a mechanism,if we specifically search for the SessionID's it will show the details like this.
	

Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 0: 10081229: Message: ArAuthBinaryAuthRequestMgr::setSecurityInfo: security_info_offset [0] is invalid. Assuming security info not available. 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 60: 10081229: Entering [MechQnA::handleAuthRequest] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 60: 10081229: Exiting [MechQnA::handleAuthRequest] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10081229: Using session identifier [1:10081229] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Entering QnAModule::openSession 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Exiting QnAModule::openSession 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10081229: ArAuthFrameworkImpl::doPreAuth::1:10081229:: Authentication mechanism returned [0] for AuthIdentity [01018603] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Entering QnAModule::authenticate 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: QnA Session Id :[1:10081229] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: QNA Step - ASK AUTH QUESTIONS 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: User DB Query Details: 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: userName :[01018603] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Group ID :1020 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: User ID  :-1 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Number of rows fetched from DB : 1 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Entering QnAUserData::dump 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Exiting QnAUserData::dump 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Set of questions(bitmap) selected : 3 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Session tracker Id associated with QnA challenge(auth round questions) : [1:10081229] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Exiting QnAModule::authenticate 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10081229: ArAuthFrameworkImpl::doAuth::1:10081229:: Authentication mechanism returned [1] for AuthIdentity [01018603] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Handle_NSPAdvice:: Handling NSPAdvice for mechanism [2] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 17: 10081229: ArAuthFrameworkImpl::doPostAuth::1:10081229:: Authentication mechanism returned [1] for AuthIdentity [01018603] 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Entering QnAModule::closeSession 
Tue May 19 22:29:12.634 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 160: 10081229: Exiting QnAModule::closeSession 
Tue May 19 22:29:12.649 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 60: 10081229: Entering [MechQnA::handleAuthResMoreSteps] 
Tue May 19 22:29:12.649 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 60: 10081229: Exiting [MechQnA::handleAuthResMoreSteps] 
Tue May 19 22:29:12.649 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 60: 10081229: Sending Continue with challenge 
Tue May 19 22:29:12.649 2009 Morocco Standard Time INFO:    pid 2172 tid 688: 61: 10081229: Packet being sent

Thi sdetails will simply tell us which mechanis it belong as we can see the lines like "QnA Session Id :[1:10081229]" in the sessionID related data. This information is available in the logfile. QnAModule is there in the logfile uploaded.
I think now question will be much clear,if not still kindly tell me. and i will try to elaborate more.

Thanks
NT

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.