Multi-dimensional arrays

Posted by aparks (aparks), 9 February 2004
I have a firewall log data file of the form:

Source IP, Destination IP, Protocol, Destination Port

172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,192.168.1.1,UDP,137
172.16.1.254,192.168.1.1,UDP,137
172.16.1.254,192.168.1.1,UDP,138
172.16.1.254,192.168.1.1,TCP,23

and I'd like to present this on a web page so that it ends up like:

Source IP, Destination IP, Protocol, Destination Port, Number of packets

172.16.1.254,255.255.255.255,UDP,520,3
172.16.1.254,192.168.1.1,UDP,137,2
172.16.1.254,192.168.1.1,UDP,138,1
172.16.1.254,192.168.1.1,TCP,23,1

But I'm not sure the best way to go about this. I'm thinking that it can be done by reading each field in with a multi-dimensional array with code something like:

Code:
list($sourceip,$destip,$protocol,$port)= explode(",",$logfile_line);
$packet[$sourceip][$destip][$protocol][$port]++;


and then run through this in a nested loop to print it all out in a table, but is this an efficient way to go about it? Is there a better way? Multi-dimensional arrays make my head hurt!

Thanks!

Adrian (looking for the aspirin)

Posted by admin (Graham Ellis), 9 February 2004
I would be inclined just to use the whole of each logfile line as one massive key and write
Code:
$packet[$logfile_line]++;

and the output using
Code:
foreach (array_keys ($packet) as $current) {
    print "$current,$packet[$current]\n";
}


Oh - you'll need to trim the new line off the log file line - either when you read it in or before you output it.

Where a multidimensional array would start to be useful is if you wanted to start providing totals of rows / columns etc.

Posted by aparks (aparks), 9 February 2004
That looks much better - thanks!

Posted by aparks (aparks), 9 February 2004
er...slight problem still! The code produces the output I was looking for, but also a lot of warnings of the following type:

Notice: Undefined index 172.16.3.3,192,168.1.1,TCP,21 in script.php on line xxx

referring to the line

$packet[$logfile_line]++;

This is presumably because this is the first time $packet[$logfile_line] is referred to, as it hasn't been previously defined. But how do I suppress these messages? I assume I could turn them off globally somewhere in php.ini on the server, but is it possible from within the code?

Thanks!

Adrian

Posted by admin (Graham Ellis), 9 February 2004
Two possible solutions ...

You could check whether the array member exists (see isset) ... initialise it to 1 if it is new and increment it by one if it already exists

or ...

You turn off notices by specifying
Code:
error_reporting (E_ALL & ~ E_NOTICE);

before you start building up the array
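
An added example, not part of the original thread: the whole-line-as-key count with the isset check, so notices can stay enabled. The sample lines are constructed, and the field validation and HTML escaping are assumptions that go beyond what the thread discusses, included because the counts end up on a web page.

```php
<?php
// Constructed sample lines in the thread's format: source,destination,protocol,port
$lines = [
    "172.16.1.254,255.255.255.255,UDP,520\n",
    "172.16.1.254,255.255.255.255,UDP,520\n",
    "172.16.1.254,192.168.1.1,UDP,137\n",
    "172.16.1.254,192.168.1.1,TCP,23\n",
    "not-an-ip,192.168.1.1,TCP,80\n",   // constructed malformed line
    "truncated,line\n",                 // constructed: wrong field count
];

// Count identical lines. Returns [counts keyed by line, number of rejected lines].
function count_flows(array $lines): array
{
    $packet = [];
    $rejected = 0;
    foreach ($lines as $line) {
        $fields = explode(",", trim($line));   // trim() drops the newline
        if (count($fields) !== 4
            || filter_var($fields[0], FILTER_VALIDATE_IP) === false
            || filter_var($fields[1], FILTER_VALIDATE_IP) === false
            || !ctype_digit($fields[3]) || (int)$fields[3] > 65535) {
            $rejected++;                       // skip lines that do not parse
            continue;
        }
        $key = implode(",", $fields);
        if (isset($packet[$key])) {
            $packet[$key]++;
        } else {
            $packet[$key] = 1;                 // first sighting: initialise, no notice
        }
    }
    return [$packet, $rejected];
}

[$packet, $rejected] = count_flows($lines);

echo "<table>\n";
foreach ($packet as $key => $count) {
    echo "<tr>";
    foreach (explode(",", $key) as $cell) {
        // Escape every field: log content is untrusted once it reaches HTML
        echo "<td>" . htmlspecialchars($cell, ENT_QUOTES, 'UTF-8') . "</td>";
    }
    echo "<td>$count</td></tr>\n";
}
echo "</table>\n<p>Skipped $rejected malformed line(s)</p>\n";
```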

Posted by aparks (aparks), 9 February 2004
That's done it! Many thanks for all your help, Graham!

Adrian



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference.

© WELL HOUSE CONSULTANTS LTD., 2014