[ale] Is awk the right tool for this?

Fletch fletch at phydeaux.org
Tue May 7 09:39:49 EDT 2002


>>>>> "Kevin" == Kevin Krumwiede <krum at smyrnacable.net> writes:

    Kevin> I want to go through my firewall logs and extract the
    Kevin> source address of dropped packets.  I can't just use cut to
    Kevin> get the right field because of different flags on the
    Kevin> packets.  So how do I get just the token that begins with
    Kevin> "SRC="?  I have a feeling awk is the tool for the job, but
    Kevin> I don't really know how to use it.

    Kevin> grep dropped /var/log/kernel/info | ??? | sort | uniq | ...

        If you want them sorted in order of number of incidents:


perl -lne \
  '/SRC=(\S+)/&&$a{$1}++;END{print for sort{$a{$b}<=>$a{$a}}keys%a}' \
  /var/log/kernel/info


        In numeric order by IP address:


# inet_aton returns packed 4-byte strings, so compare them with cmp, not <=>
perl -MSocket=inet_aton -lne \
  '/SRC=(\S+)/&&$a{$1}++;END{print for map{$_->[0]}sort{$a->[1]cmp$b->[1]}map{[$_,inet_aton($_)]}keys%a}' \
  /var/log/kernel/info


-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
770 933-0600 x211(w)  |  scary questions." -- Jules                =(___)=
770 294-0820 (m)      |                                               U
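
An awk version of the pipeline asked about in the subject line, as an added example that is not part of the original message: it keeps only dropped lines, finds the SRC= token wherever it falls, and lists sources by hit count with ties in numeric address order. The sample log lines, the "dropped" prefix and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Constructed sample lines in iptables LOG style. The "dropped" prefix and the
# field layout are assumptions; real lines depend on the log prefix configured.
sample_log() {
cat <<'EOF'
May  7 09:01:02 fw kernel: dropped IN=eth0 OUT= MAC=00:01 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 PROTO=TCP DPT=22 SYN
May  7 09:01:05 fw kernel: dropped IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 LEN=40 PROTO=TCP DPT=80 ACK FIN
May  7 09:01:09 fw kernel: accepted IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 LEN=60 PROTO=TCP DPT=443
May  7 09:02:11 fw kernel: dropped IN=eth0 OUT= MAC=00:01 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 PROTO=UDP DPT=53
May  7 09:02:30 fw kernel: dropped IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=28 PROTO=ICMP TYPE=8
May  7 09:03:00 fw kernel: dropped IN=eth0 OUT= (line truncated, no SRC token)
EOF
}

# Print "count address" per dropped source: busiest first, ties by numeric IP.
# Reads the files given as arguments, or stdin when there are none.
dropped_sources() {
    awk '
        /dropped/ {
            # SRC= moves around with the flags logged, so scan every field
            # and accept only a dotted-quad value.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    count[substr($i, 5)]++
                    break
                }
        }
        END {
            # Emit the octets as separate fields so sort can order them numerically.
            for (ip in count) {
                split(ip, o, ".")
                print count[ip], o[1], o[2], o[3], o[4]
            }
        }
    ' "$@" |
    sort -k1,1nr -k2,2n -k3,3n -k4,4n -k5,5n |
    awk '{ print $1, $2 "." $3 "." $4 "." $5 }'
}

sample_log | dropped_sources
```

Against a real log the call would be `dropped_sources /var/log/kernel/info`; a plain `sort` on the addresses would place 198.51.100.23 ahead of 198.51.100.9, which is why the octets are split before sorting.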
