jeudi 2 avril 2015

How to determine if strings of a certain block have appeared earlier in perl?

Lets say I have this kind of file with internet flow information in it (file contains unlimited amount of strings):



startTime                     sourceIP    destinationIP 
2015-03-31 08:47:27.671      10.0.26.48     10.0.26.255 
2015-03-31 08:47:28.108     10.50.26.180     10.90.26.255 
2015-03-31 08:47:35.015      10.0.26.74 255.255.255.255 
                         ...
2015-03-31 16:18:25.365      196.0.26.13     224.0.0.252 
2015-03-31 16:18:32.718      10.46.26.13     224.0.0.252 
2015-03-31 16:18:46.941      188.0.26.98     177.0.26.255 
2015-03-31 16:18:58.336      10.0.26.57     10.0.26.255
2015-03-31 15:53:37.451      50.0.26.13     224.0.0.252 
2015-03-31 15:53:55.086      10.0.26.13     40.30.0.252 
2015-03-31 15:53:55.097      128.0.26.13     224.0.0.252
                         ...
2015-04-01 22:38:43.500   192.168.0.109   78.57.218.154 
2015-04-01 22:38:43.500  213.159.38.184   192.168.0.109 
2015-04-01 22:38:46.359   178.250.32.43   192.168.0.109
2015-04-01 22:38:53.269  213.159.38.184   192.168.0.109 
2015-04-01 22:38:53.269   192.168.0.109  213.159.38.184 
2015-04-01 22:39:14.995    54.83.28.184   192.168.0.109


What I want to do is to determine weather newly appeared ip addresses are new. I would consider them as new if they appeared in like 1 or 2 days.


What would be the best programming solution with perl?


Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)