I have some firewall log data file of the form:

Source IP, Destination IP, Protocol, Destination Port

172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,255.255.255.255,UDP,520
172.16.1.254,192.168.1.1,UDP,137
172.16.1.254,192.168.1.1,UDP,137
172.16.1.254,192.168.1.1,UDP,138
172.16.1.254,192.168.1.1,TCP,23

and I'd like to present this on a web page so that it ends up like:

Source IP, Destination IP, Protocol, Destination Port, Number of packets

172.16.1.254,255.255.255.255,UDP,520,3
172.16.1.254,192.168.1.1,UDP,137,2
172.16.1.254,192.168.1.1,UDP,138,1
172.16.1.254,192.168.1.1,TCP,23,1

But I'm not sure the best way to go about this. I'm thinking that it can be done by reading each field in with a multi-dimensional array with code something like:

Code:

list($sourceip,$destip,$protocol,$port)= explode(",",$logfile_line); $packet[$sourceip][$destip][$protocol][$port]++;

and then run through this in a nested loop to print it all out in a table, but is this an efficient way to go about it? Is there a better way? Multi-dimensional arrays make my head hurt!

Thanks!

Adrian (looking for the aspirin)

I would be inclined just to use the whole of each logfile line as one massive key and write
Code:

$packet[$logfile_line]++;

and the output using
Code:

foreach (array_keys ($packet) as $current) {     print "$current,$packet[$current]\n"; }

Oh - you'll need to trim the new line off the log file line - either when you read it in or before you output it.

Where a multidimensional array would start to be useful is if you wanted to start providing totals of rows / columns etc.

That looks much better - thanks!

er...slight problem still! The code produces the output I was looking for, but also a lot of warnings of the following type:

Notice: Undefined index 172.16.3.3,192,168.1.1,TCP,21 in script.php on line xxx

referring to the line

$packet[$logfile_line]++;

This is presumably because this is the first time $packet[$logfile_line] is referred to, as it hasn't been previously defined. But how do I suppress these messages? I assume I could turn them off globally somewhere in php.ini on the server, but is it possible from within the code?

Thanks!

Adrian

Two possible solutions ...

You could check whether the array member exists (see isset) ... inialise it to 1 if it is new and increment it by one if it already exists

or ...

You turn off notices by specifiying
Code:

error_reporting (E_ALL & ~ E_NOTICE);

before you start building us the array

That's done it! Many thanks for all your help, Graham!

Adrian

---