Log-Grok: Search within logfiles for either a regex pattern or for an IP that matches a given CIDR range

lg.pl

#!/usr/bin/perl
use strict;
use Getopt::Long;
use Net::CIDR ':all';

$|++;

my $re = '.*';
my $verbose = 0;
my $cidr_str = undef;
my @cidr;

GetOptions ("re=s" => \$re,    
            "cidr=s"   => \$cidr_str,  
            "verbose"  => \$verbose) 
or die("Error in command line arguments\n");

if( $cidr_str ){
	push( @cidr, $cidr_str );	
}

# Log Grok -- Find logs, and grok them

sub open_fd {
	my $filename = shift;
	if( $filename =~ /\.gz$/ ){
		open my $fd, "zcat $filename |";
		return $fd;
	}

	if( $filename =~ /.bz2$/ ){
		open my $fd, "bzcat $filename |";
		return $fd;
	}

	if( $filename =~ /.log$/ ){
		open my $fd, "cat $filename |";
		return $fd;
	}
	return undef;
}

# Get a list of filenames passed in
my @FILENAMES = grep { -e $_ } @ARGV;

for my $filename ( @FILENAMES ){
	my $fd = open_fd( $filename );

	if( $fd ){
		#local $/;
		while( <$fd> ){
			if( $cidr_str ){
				# Extract any IPs
				if( /(\d+\.\d+\.\d+\.\d+)/ ){
					my $ip = $1;
					print "$filename: $_" if cidrlookup( $ip, @cidr );
				}
			} else {
				print "$filename: $_" if grep { /$re/o } $_;
			}
		}
	}
}

Run it like:

$ find . | xargs lg.pl --re 'something'

or

$ find . | xargs lg.pl --cidr '192.168.0/24'