[ale] Text Processing Happiness - I'm no longer lost

James P. Kinney III jkinney at localnetsolutions.com
Sat Aug 18 16:33:10 EDT 2007 

On Sat, 2007-08-18 at 10:40 -0700, Bruce wrote:
> Now, for step two.
> 
> I'm exporting tons of wonderful data, but want to find
> out what unique applications are running. The records
> look like this:
> 10.1.31.84,10.1.12.92,539,0,TCP_ars-master-3176-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_csd-mgmt-port-3071-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_d2000kernel-3119-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_feitianrockey-3152-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_hp-pxpib-3101-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_ncadg-ip-udp-3063-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_ndl-aas-3128-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_responsenet-3045-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_tarantella-3144-tcp,2,88,1
> 10.1.31.84,10.1.12.92,539,0,TCP_tip-app-server-3160-tcp,2,88,1
> 
> What I'd like to do is find out all the unique
> applications that are running on the network. I want
> to pipe in the file, use the comma as a field
> delimiter - and strip out fields one, two, three, four
> - keep field five (the application), then strip out
> fields six, seven and eight (packets, octets and
> flows). Once I get all the applications stripped out,
> I'll do a sort uniq to get down to one instance per
> app. 
> 
> I think the cut command would do the trick, and am
> googling it. Is that the right direction? How do I
> strip the fields and just leave the app. name there?

| cut -f 5 -d ","

Will output just field 5 split on ","

> 
> --- Bruce <callmebruce2002 at yahoo.com> wrote:
> 
> > Thanks! That did the trick. Now I'm collecting on
> > all well-known and registered ports. 
> 
> 
>        
> ____________________________________________________________________________________Ready for the edge of your seat? 
> Check out tonight's top picks on Yahoo! TV. 
> http://tv.yahoo.com/
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list