Need awk help (maybe sed)


Post by Dean Brissing » Thu, 13 Jul 1995 04:00:00



Mon Apr 3 15:56:43 MDT 1995:brissing:/usr/local/bin/telnet 128.97.36.101 3000

        The above is a line from the telnet logs on this system.  I have people
asking me how they can look through here without catting the whole file and
find those with ports on them.  I don't know how I can do this, but I figure
awk can accomplish such.  Can anyone give me an example awk script or line
that will do this?

        Thanks for your help.  Sorry that my awk ignorance still continues on,
I'm baffled by it yet. :)
--

+-------------------ooo---------ooo-------------------+
|                  Dean J. Brissinger                 |
|                                                     |
|       CEO & Founder of the *nated Scholars      |
|                                                     |
+------------------oOOo----A----oOOo------------------+
                          0 0
                         ~~~ ~

 
 
 


Post by Heiner Stev » Thu, 13 Jul 1995 04:00:00


 > Mon Apr 3 15:56:43 MDT 1995:brissing:/usr/local/bin/telnet 128.97.36.101 3000

 >   The above is a line from the telnet logs on this
 > system.  I have people asking me how they can look through here
 > without catting the whole file and find those with ports on
 > them.  I don't know how I can do this, but I figure awk can
 > accomplish such.  Can anyone give me an example awk script or
 > line that will do this?

    awk '($6 ~ /telnet/) && ($8 ~/^[0-9][0-9]*$/)'

Heiner
--

     -------------------------------------------------------------

   / BinTec Computersysteme GmbH / mine, not BinTec's --       /
  / Willstaetter Str. 30 ------- ...even if they should be ;-)/

------------------------------------------------------------

 
 
 


Post by Ed Moo » Thu, 13 Jul 1995 04:00:00


:  > Mon Apr 3 15:56:43 MDT 1995:brissing:/usr/local/bin/telnet 128.97.36.101 3000

<snip>

:     awk '($6 ~ /telnet/) && ($8 ~/^[0-9][0-9]*$/)'

Why are two occurrences of [0-9] needed to pick up the port number?

 
 
 


Post by Jim Mon » Sun, 16 Jul 1995 04:00:00



> >     awk '($6 ~ /telnet/) && ($8 ~/^[0-9][0-9]*$/)'
> Why are two occurrences of [0-9] needed to pick up the port number?

POSIX 1003.2        English
------------        -------------------------------------------------------
[0-9][0-9]*   -->   "One (at least one) or more occurrences of the class of
                    characters '0' through '9'."

[0-9]+        -->   Ditto.

The first of these two regular expressions is a POSIX 1003.2 'basic'
regular expression and should work in every version of awk.  The second
one is an 'extended' regular expression and may not work in every
implementation of awk.  I read this in BSD/OS 2.0 RE_FORMAT(7) and MKS
Toolkit REGEX(5).

The regular expression '[0-9]*' (which means "zero or more occurrences of
the class of characters '0' through '9'") would match every string.  The
expression '$8 ~ /^[0-9]*$/' matches all lines that have a port number on
them, but also matches all lines that don't have any port number on
them since '^[0-9]*$' matches the null string.

---
Jim Monty

Tempe, Arizona USA

 
 
 


Post by Pete Houst » Mon, 17 Jul 1995 04:00:00




>:     awk '($6 ~ /telnet/) && ($8 ~/^[0-9][0-9]*$/)'

>Why are two occurrences of [0-9] needed to pick up the port number?

Because the * matches zero or more occurrences. However, the + allowed
in most REs will match one or more, so you could use

        $8 ~ /^[0-9]+$/

instead.
--

WWW: http://sable.ox.ac.uk/~phouston/ |
Phone: +44-1865-792542                |
Fax:   +44-1865-58817                 |
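
The filters discussed in the replies above, run side by side over a small log, as an added example that is not part of any poster's message. Only the first log line comes from the thread; the other lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the thread's log format (first line is from the post).
sample_log() {
cat <<'EOF'
Mon Apr 3 15:56:43 MDT 1995:brissing:/usr/local/bin/telnet 128.97.36.101 3000
Mon Apr 3 16:02:10 MDT 1995:alice:/usr/local/bin/telnet 192.0.2.10
Mon Apr 3 16:05:31 MDT 1995:bob:/usr/local/bin/telnet 192.0.2.25 25
Mon Apr 3 16:09:02 MDT 1995:carol:/usr/local/bin/ftp 192.0.2.30 2121
Mon Apr 3 16:11:47 MDT 1995:dave:/usr/local/bin/telnet 192.0.2.40 smtp
EOF
}

# Filter from the thread: field 6 names telnet, field 8 is one or more digits.
with_port() {
    awk '($6 ~ /telnet/) && ($8 ~ /^[0-9][0-9]*$/)'
}

# Same test with "*" only: a missing field 8 is the empty string, which
# "^[0-9]*$" matches, so telnet sessions without a port slip through.
with_port_star_only() {
    awk '($6 ~ /telnet/) && ($8 ~ /^[0-9]*$/)'
}

# Extended-RE form with "+", equivalent to with_port where "+" is supported.
with_port_plus() {
    awk '($6 ~ /telnet/) && ($8 ~ /^[0-9]+$/)'
}

# Report user, host and port for matching sessions. A service name in
# field 8 (the "smtp" line) is not matched by the digits-only test.
port_report() {
    awk '($6 ~ /telnet/) && ($8 ~ /^[0-9][0-9]*$/) {
        split($6, who, ":")      # who[1]=year, who[2]=user, who[3]=program
        printf "%s %s %s\n", who[2], $7, $8
    }'
}

sample_log | port_report
```
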

 
 
 

1. sed and awk help needed

Hi all:

Having trouble putting in some logic using while and if loops after I use
sed and awk. Beating my brains out for the last couple of days with
no luck.

Below, I have a snippet of the code and a snippet of the log file. I am
working with the sudo.log file and looking to get counts of who does
what, when and where.

I have found some useful perl tools to do this but I cannot rely on
everybody having perl or wanting to have it. I would like to do it in
shell.

I am wanting to itemize those entries that have "NOT in sudoers" in
addition to the other info in the file. I am able to get the info if
everything is OK but not for users who are not listed in the sudoers
file. If the user is not in the sudoers, the field layouts change and
that is what I need to account for in addition to the other info.

Here is a snippet of the sudo.log file:
---------------------------------------------------------------------
Jan  3 06:38:40 : ww91599 : HOST=$HOST : TTY=ttyp1 ;
    PWD=/tmp_mnt/users/its/ww91599 ; USER=root ; COMMAND=/usr/bin/rlogin
    $ANOTHERHOST
Jan  3 07:04:26 : ren0073 : HOST=$HOST : TTY=ttyp4 ;
    PWD=/tmp_mnt/users/its/ren0073/SQL/FORMS ; USER=root ;
    COMMAND=/usr/bin/su - prodadmn
Jan  3 08:42:01 : np14323 : HOST=$HOST : user NOT in sudoers ; TTY=pts/3
    ; PWD=/rims/Src/monitor_fe/qa_rpt ; USER=root ; COMMAND=prodadmn
Jan  3 08:53:34 : ren0073 : HOST=$HOST : TTY=ttyp4 ;
    PWD=/tmp_mnt/users/its/ren0073/SQL/FORMS ; USER=root ;
    COMMAND=/usr/bin/su - prodadmn
Jan  3 08:53:41 : root : HOST=$HOST : TTY=pts/4 ; PWD=/admin ; USER=root
    ; COMMAND=/usr/bin/su - frnrit

Here is a snippet of the code I have been working with.
If I take out the looping logic, the parsing works fine except for the
"NOT in sudoers" - the fields change.
-----------------------------------------------------------------------
#!/bin/sh
DAY=`TZ=MST-24 date -u +%d`
MONTH=`date +%b`
YEAR=`date +%Y`
DATE=`date +%b%Y`
YRMON=`date +%Y%b`
BASE_DIR=/tmp/sudo
LOG=$BASE_DIR/SUDOLOG
if [ "$DAY" = 12 ]     #using this as a test - plan on last day of month
then
  cat $BASE_DIR/sudolog.$HOST | sed '/'${MONTH}'/i\
  \^V ' | awk ' BEGIN { RS = "^V" }    #having to separate into records
  { while (read line)
   do
      { if ( "$10" != NOT )
         { printf "%-8s %-4s %-3s %-13s %-12s %-21s\n", $5, $1, $2, $7,
$13, $15 }' | sort | uniq -c > $BASE_DIR/$HOST.sudolog
      }
  }
fi

I would like to be able to count those "NOT in sudoers" entries as well.
Is there a shell script out there that could provide some assistance.
I am looking for help, not answers.

Many thanks to all.
Rick
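
One way to handle the shifting field layout described in this post, as an added example that is not the poster's code: join the wrapped continuation lines into one record, then locate the user, the "NOT in sudoers" marker and `COMMAND=` by content instead of by field number. The host names `hostA`/`hostB`, the `OK`/`DENIED` labels and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample based on the post's sudo.log excerpt (hosts are placeholders).
sample_sudolog() {
cat <<'EOF'
Jan  3 06:38:40 : ww91599 : HOST=hostA : TTY=ttyp1 ;
    PWD=/tmp_mnt/users/its/ww91599 ; USER=root ; COMMAND=/usr/bin/rlogin
    hostB
Jan  3 07:04:26 : ren0073 : HOST=hostA : TTY=ttyp4 ;
    PWD=/tmp_mnt/users/its/ren0073/SQL/FORMS ; USER=root ;
    COMMAND=/usr/bin/su - prodadmn
Jan  3 08:42:01 : np14323 : HOST=hostA : user NOT in sudoers ; TTY=pts/3
    ; PWD=/rims/Src/monitor_fe/qa_rpt ; USER=root ; COMMAND=prodadmn
Jan  3 08:53:34 : ren0073 : HOST=hostA : TTY=ttyp4 ;
    PWD=/tmp_mnt/users/its/ren0073/SQL/FORMS ; USER=root ;
    COMMAND=/usr/bin/su - prodadmn
EOF
}

# Print "count user status command" for each distinct combination.
sudo_summary() {
    awk '
    function emit(   part, user, status, cmd, p) {
        if (rec == "") return
        split(rec, part, " : ")        # part[1]=timestamp, part[2]=user
        user = part[2]
        # The marker is searched in the whole record, so it does not
        # matter that it pushes TTY/PWD/USER/COMMAND one field to the right.
        status = (rec ~ /NOT in sudoers/) ? "DENIED" : "OK"
        p = index(rec, "COMMAND=")
        cmd = (p ? substr(rec, p + 8) : "-")
        print user, status, cmd
        rec = ""
    }
    /^[ \t]/ { sub(/^[ \t]+/, ""); rec = rec " " $0; next }  # continuation line
             { emit(); rec = $0 }                             # start of a record
    END      { emit() }
    ' | sort | uniq -c | awk '{ $1 = $1; print }'
}

sample_sudolog | sudo_summary
```

Filtering the summary for `DENIED` gives the list of users who attempted sudo without being in the sudoers file, which is the count the post asks for.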
