Looking for a little help here. I'm trying to parse a space delimited text file, and create a multidimensional array. The data file is an Apache2 log file, but the experience would apply to many text files.

What I'm trying to do is read a record (a line), then: 1. Extract the source ip address. 2. Check if this ip address has been seen before. 3. Extract the destination port of the packet. 4. Sum how many times this ip address has sent a packet to this port.

So conceptually:

SRC-IP PORT SUM
-----------------------------------
111.222.111.222 - 22 - 3 times
232.1.45.8 - 23 - 23 times
- 80 - 1 time
- 5353 - 2 times
217.163.132.190 - 23 - 12 times

I can open the file and extract the source ip, check to ensure it's unique, and put it in an array if it is. What I can't figure out is how to add the destination port as a second field in the array, let alone how to add a count of said dest ports as a third field in the array. All the examples I've found on www.php.net are overly simplistic, basically just populating a multidimensional array by hand. None seem to show how to create a multidimensional array and then explain how to populate the dimensions programmatically.

The following is the script:

if (($handle = fopen("firewall", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, " ")) !== FALSE) {
        if (!in_array($data[8], $src_ip)) {
            array_push($src_ip, $data[8]);
        }
        foreach ($data as $value) {
            if (strstr($value, $dest_port)) {
                // --> where I'm stuck: array_push($src_ip[][], $value);
                print($data[8]) . " ";
                print($value) . "\n";
            }
        }
        $row++;
    }
}
fclose($handle);
$unique_ip = count($src_ip);
print("$row dropped packets from $unique_ip unique ip addresses.\n");
?>

This is the final line of the output: 1154 dropped packets from 302 unique ip addresses.

If a chunk of the data I'm working with would be helpful, let me know. It's just a firewall log.

Any help at all would be appreciated. Cheers, Terry.

    
$arr[$ip][$port][] = array(... other data fields here)? –  Marc B Mar 12 at 4:09
    
Trying to get something like this, yeah. TY! –  user3408816 Mar 12 at 4:56

1 Answer

up vote 0 down vote accepted

UPDATED:

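// $src_ip[source ip][port field] = array('count' => n)
$src_ip = array();
$row = 0;
// $dest_port is the search string from the question's script (not shown on this page).
if (($handle = fopen("firewall", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, " ")) !== FALSE) {
        // First time this source address is seen: give it an empty port list.
        if (!isset($src_ip[$data[8]])) {
            $src_ip[$data[8]] = array();
        }
        foreach ($data as $value) {
            if (strstr($value, $dest_port)) {
                // First time this port is seen for this address: start at zero.
                if (!isset($src_ip[$data[8]][$value])) {
                    $src_ip[$data[8]][$value] = array('count' => 0);
                }
                // Each log line is one packet, so add one per matching line.
                $src_ip[$data[8]][$value]['count']++;
                print($data[8]) . " ";
                print($value) . "\n";
            }
        }
        $row++;
    }
    fclose($handle);
}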
    
I see in my original post that a few lines were cut off. –  user3408816 Mar 12 at 4:40
    
I define the $src_ip array like this: $src_ip = array(array(array())); // <-- not the way to do it?? Also, I'm trying to get something like @Marc_B above recommended: $arr['source_ip']['port']['count'] Thanks. –  user3408816 Mar 12 at 4:48
    
updated the answer –  Exlord Mar 12 at 5:36
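
An added example, not part of the original question or answer: a self-contained version of the `$arr[$ip][$port]` structure suggested in the comments, counting log lines per source address and destination port. It assumes iptables-style `SRC=`/`DPT=` tokens (the page does not show the log format); the sample lines and the function name `count_ports` are constructed for illustration.

```php
<?php
// Constructed sample lines (not from the original post), iptables-style.
$lines = array(
    'Mar 12 04:01:10 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=22',
    'Mar 12 04:01:11 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=22',
    'Mar 12 04:01:12 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=23',
    'Mar 12 04:01:13 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=UDP SPT=5353 DPT=5353',
    'Mar 12 04:01:14 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 PROTO=ICMP TYPE=8',
    'Mar 12 04:01:15 gw kernel: DROP IN=eth0 OUT= SRC=not-an-ip DST=192.0.2.1 PROTO=TCP DPT=80',
);

/**
 * Build $counts[source ip][destination port] = number of lines seen.
 */
function count_ports(array $lines)
{
    $counts = array();
    foreach ($lines as $line) {
        // Collect KEY=value tokens so the field position does not matter.
        $fields = array();
        foreach (preg_split('/\s+/', trim($line)) as $token) {
            if (strpos($token, '=') !== false) {
                list($key, $val) = explode('=', $token, 2);
                $fields[$key] = $val;
            }
        }
        // Skip lines without a valid source address or a numeric port (e.g. ICMP).
        if (!isset($fields['SRC'], $fields['DPT'])
            || filter_var($fields['SRC'], FILTER_VALIDATE_IP) === false
            || !ctype_digit($fields['DPT'])) {
            continue;
        }
        $ip = $fields['SRC'];
        $port = (int) $fields['DPT'];
        if (!isset($counts[$ip][$port])) {
            $counts[$ip][$port] = 0; // creates both array levels on first sight
        }
        $counts[$ip][$port]++;
    }
    return $counts;
}

// Print one row per (source ip, port) pair, ports in ascending order.
foreach (count_ports($lines) as $ip => $ports) {
    ksort($ports);
    foreach ($ports as $port => $n) {
        printf("%-16s %5d %4d\n", $ip, $port, $n);
    }
}
```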
