On Friday 04 December 2009 02:09:35 pm Panagiotis Atmatzidis wrote:
> Hello,
> 
> I'm a total newbe. I'm trying to figure out how to grab a specific Xth
>  character from a .log and put it into an array.
> 
> So far, I've got to this code snippet:
> 
> ------------
> # encoding: utf-8
> class ReadIPs
>   def initialize
>     @read_ips = []
>   end
> 
>   def get_ips(filename)
>     ips = [] # make a list of ip addressses
>     File.foreach(filename) do |line|
>        puts "#{line}" if line =~ /Ban/
>        end
>   end
> end
> 
> ipadds = ReadIPs.new
> a = ipadds.get_ips("fail2ban.log")
> --------------
> 
> 
> The output though parses lines the following:
> 
> 2009-11-19 00:31:29,928 fail2ban.actions: WARNING [ssh-ipfw] Ban
>  203.169.139.171
> 
> 
> Now, I'd like to isolate the IP and put it into an Array.

It looks as though you've gotten that started...

>   def initialize
>     @read_ips = []
>   end

But you never seem to use this array.

>   def get_ips(filename)
>     ips = [] # make a list of ip addressses
>     File.foreach(filename) do |line|
>        puts "#{line}" if line =~ /Ban/
>        end
>   end

You never seem to use this array, either. You could do something like this:

def get_ips(filename)
  File.open filename do |file|
    file.each_line.select{|line| line =~ /Ban/}
  end
end

That will at least return an array of lines containing Ban. But you already 
know what each line looks like. Here's another way, that looks kind of like 
what you started:

def get_ips(filename)
  ips = []
  File.open filename do |file|
    file.each_line do |line|
      if line =~ /Ban\s+(\S+)$/
        ips << $1.chomp
      end
    end
  end
  ips
end

> I would like to use the output from the cli: "$ grep Ban fail2ban.log|awk
>  -F "Ban" '{print $2}'"

You could probably figure out a way to do this in Ruby, and it probably 
wouldn't be too much worse than the awk version, but if you really want to do 
it that way, try backticks. If this is the output you're expecting:

>  60.12.200.xx
>  193.193.221.xx
>  85.72.xx.xx
>  124.207.xx.xx

you could probably get away with:

ips = `grep Ban fail2ban.log | awk -F "BAN" '{print $2}'`.each_line.to_a

By the way, all of this is giving you ips as strings. If you're wanting to 
actually manipulate the ips at all, I'd suggest looking at IPAddr. (You 
probably don't, but just in case...)