This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Duplicate IDs

I just wanted to share the perl script i wrote to find duplciate unique IDs in Sophos. It scans the IIS logs looking for duplicate GUIDs.

#Stephen
#Check for Duplicates
use Data::Dumper;
$file = "\\\\sophos-c108-01\\W3SVC1\\u_ex110822.log";
my %hash = ();
my %hDup = ();
open FILE, $file or die $!;
while (<FILE>)
{ 
@data = ($_ =~ /(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\{{0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}{0,1})/);
#print $data[0] . "\n";
if ((exists $hash{$data[2]}) && ($hash{$data[2]} ne $data[1]))
{
if(not exists $hDup{$data[1]})
{
print $data[1] . "\n";
$hDup{$data[1]} = $data[1];
}
}
else
{
$hash{$data[2]} = $data[1];
}
}
close(FILE);

I have more info on my blog about it.

http://www.stephenjc.com/2011/08/23/sophos-duplicate-ids/

This thread was automatically locked due to age.

Parents

0 Pjgfi over 12 years ago

Er, yes I think I did ! :smileywink:
We have machines that keep appearing with different names in the same folder in the console (out of place, then).
If I look at the Web events in the log of those machines, they originate from different users like they would take turn on the same machine albeit working hundred kilometers from each other.
So, do I need to get ID info from the database then ?
PJ
:36967
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Pjgfi over 12 years ago

Er, yes I think I did ! :smileywink:
We have machines that keep appearing with different names in the same folder in the console (out of place, then).
If I look at the Web events in the log of those machines, they originate from different users like they would take turn on the same machine albeit working hundred kilometers from each other.
So, do I need to get ID info from the database then ?
PJ
:36967
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data