My TCL script:

set line { 
Jul 24 21:06:40 2014: %AUTH-6-INFO: login[1765]: user 'admin' on 'pts/1' logged
Jul 24 21:05:15 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.58.net. Flow: 0x2
Jul 24 21:04:39 2014: %DATAPLANE-5-: Unrecognized HTTP URL static.58.com. Flow:
Jul 24 21:04:38 2014: %DATAPLANE-5-: Unrecognized HTTP URL www.google-analytics.
com. Flow: 0x2265394048.
Jul 24 21:04:36 2014: %DATAPLANE-5-: Unrecognized HTTP URL track.58.co.in. Flow: 0
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.google.co.in. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.google.co.in. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test1. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.google.com. Flow: 0x87073880
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.edgecastcdn.net in dns_hash_table
Jul 24 21:04:38 2014: %DATAPLANE-5-:Unrecognized HTTP URL www.facebook.com. Flow: 0x87078800
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Client Hello ServerName www.fb.com. Flow: 0x87073880. len_analyzed: 183
Jul 24 21:05:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Hello ServerName test. Flow: 0x87073880, len_analyzed 99
Jul 24 21:04:38 2014: %DATAPLANE-5-:CCB:44:Unrecognized Server Cert CommonName *.facebook.com. Flow: 0x87073880
Jul 24 21:05:39 2014: %DATAPLANE-5-:CCB:44:Searching rname(TYPE_A) cs50.wac.facebook.net in dns_hash_table
}

set urls [list]
        foreach item [regexp -all -inline {URL\s+\S+} $line] {
        lappend urls [lindex $item 1]
        }
        #puts $res
            set s "*****************************************************"
            set f {}
            set f [open output.txt a]
            if {$f ne {}} {

            foreach url $urls {
            chan puts $f $url

            }
            chan puts $f $s
            chan close $f
            }

My Requirement:

REQ 1. I need to grep the following things from $line variable.

1. URL www.58.net

2. Client Hello ServerName www.google.co.in.

3. Server Hello ServerName test1

4. Server Cert CommonName *.google.com.

5. rname(TYPE_A) cs50.wac.edgecastcdn.net

URL, Client Hello ServerName, Server Hello ServerName, Server Cert CommonName, rname are the common fields. Need to grep the words whatever appearing after that as shown above.

REQ 2. When I browse a URL, Iam getting the contents of $line. When I open a URL, my script should automatically grep the above things, and store in MS Excel file.There should be 5 columns in excel sheet each for one field. When "URL" found in a $line, it should Go and sit into column 1 of excel sheet. When "Client Hello ServerName" found, it should be moved to column 2 of excel sheet. Like this I want to upload all 5 datas to excel sheet.

Using my script provided above, I am able to grep URL's and able to upload into an .txt file.

Please guide me your ideas. Thanks a lot in advance.

Thanks,

Balu P.

Like most RE engines, Tcl's allows alternation through the use of the | operator. This lets you do:

# This is using expanded syntax
foreach {whole type payload} [regexp -all -inline {(?x)
    \y ( URL
      | (?: Client | Server)[ ]Hello[ ]ServerName
      | Server[ ]Cert[ ]CommonName
      | rname\(TYPE_A\) )
    \s+ (\S+)
} $line] {
    puts "type = $type"
    puts "payload = [string trimright $payload .]"
}

(The tricky bits: \y means “word boundary”, and real spaces have to be written as [ ] because of expanded mode swallowing whitespace otherwise.)

When I try with your data, I get this output (two output lines per matched input line):

type = URL
payload = www.58.net
type = URL
payload = static.58.com
type = URL
payload = www.google-analytics
type = URL
payload = track.58.co.in
type = URL
payload = www.google.co.in
type = Client Hello ServerName
payload = www.google.co.in
type = Server Hello ServerName
payload = test1
type = Server Cert CommonName
payload = *.google.com
type = rname(TYPE_A)
payload = cs50.wac.edgecastcdn.net
type = URL
payload = www.facebook.com
type = Client Hello ServerName
payload = www.fb.com
type = Server Hello ServerName
payload = test
type = Server Cert CommonName
payload = *.facebook.com
type = rname(TYPE_A)
payload = cs50.wac.facebook.net

I don't know if this is exactly what you want, but it's very close.

For the second question, you need to either generate a CSV file (Tcl's got a package for that in the community library, tcllib) or to use COM to talk to Excel and manipulate things in there directly (the Tcom package is the generally recommended approach there). Which is best will depend on factors that you are not telling us; you should ask that as a separate question while explaining what the situation is (e.g., is there an existing spreadsheet or will the spreadsheet be created de novo.)

you can write a procedure & pass the type as filename & payload as data to be written. I have wrote one below.

proc type2file {filename payload} {

set name [string trim $filename].txt
set fp [open $name a]
puts $fp $payload
close $fp

}

call this inside for loop. Please let me know if it works for you.