#!/usr/bin/perl use strict; # convert nice input format into single lines: # (index, key, srcip, dstip, proto, srcport, dstport, bytesin, bytesout, # bytestotal, pktsin, pktsout, tsfirsts, tsfirstus, tslasts, tslastus, # durations, durationus) # Copyright 2002, 2003, 2004 Remco van de Meent, University of Twente # # Author: # Remco van de Meent # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # my ($dataset) = @ARGV; my ($index, $key, $srcip, $dstip, $proto, $srcport, $dstport, $bytesin, $bytesout); my ($bytestotal, $pktsin, $pktsout, $tsfirsts, $tsfirstus, $tslasts, $tslastus); my ($durations, $durationus); open IN, "< $dataset"; my ($t1, $t2, $t3); # temporary variables $index = $key = $srcip = $dstip = $proto = $srcport = $dstport = 0; $bytesin = $bytesout = $bytestotal = $pktsin = $pktsout = 0; $tsfirsts = $tsfirstus = $tslasts = $tslastus = $durations = $durationus = 0; while() { chop; if (/^Flow/) { # dump flow info (previous flow) if ($index != 0) { print "$index:$key:$srcip:$dstip:$proto:$srcport:$dstport:"; print "$bytesin:$bytesout:$bytestotal:$pktsin:$pktsout:"; print "$tsfirsts:$tsfirstus:$tslasts:$tslastus:$durations:$durationus"; print "\n"; } $index = $key = $srcip = $dstip = $proto = $srcport = $dstport = 0; $bytesin = $bytesout = $bytestotal = $pktsin = $pktsout = 0; $tsfirsts = $tsfirstus = $tslasts = $tslastus = $durations = $durationus = 0; ($t1,$t2,$t3,$index) = split(/[ ()]/, $_); } elsif (/key/) { ($t1,$t2,$t3,$key) = split / /; } elsif (/src ip/) { ($t1,$srcip) = split /src ip: /; } elsif (/dst ip/) { ($t1,$dstip) = split /dst ip: /; } elsif (/proto/) { ($t1,$proto) = split /proto: /; } elsif (/src_port/) { ($t1,$srcport) = split /src_port: /; } elsif (/dst_port/) { ($t1,$dstport) = split /dst_port: /; } elsif (/bytes_in/) { ($t1,$bytesin) = split /bytes_in: /; } elsif (/bytes_out/) { ($t1,$bytesout) = split /bytes_out: /; } elsif (/bytes_total/) { ($t1,$bytestotal) = split /bytes_total: /; } elsif (/pkts_in/) { ($t1,$pktsin) = split /pkts_in: /; } elsif (/pkts_out/) { ($t1,$pktsout) = split /pkts_out: /; } elsif (/ts_first/) { ($t1,$t2,$t3,$tsfirsts,$tsfirstus) = split / /; } elsif (/ts_last/) { ($t1,$t2,$t3,$tslasts,$tslastus) = split / /; } elsif (/duration/) { ($t1,$t2,$t3,$durations,$durationus) = split / /; } else { next; } } # dump last flow print "$index:$key:$srcip:$dstip:$proto:$srcport:$dstport:"; print "$bytesin:$bytesout:$bytestotal:$pktsin:$pktsout:"; print "$tsfirsts:$tsfirstus:$tslasts:$tslastus:$durations:$durationus"; print "\n";