Help with separating syslog messages.

raj_26apr · November 17, 2008, 7:11pm

Hello Guys...

I am bit new to shell scripting and was looking for help !!

I have got syslog data on a linux server recording log messages from a device.

I need to seperate the data from log to file so that I can push it excell and get a report from that.

Log is in the format below
"
Nov 16 04:02:05 syslogger syslog: klogd startup succeeded
Nov 16 04:02:05 syslogger syslog: syslogd shutdown succeeded
Nov 16 04:02:08 syslogger crond(pam_unix)[28955]: session closed for user root
Nov 16 04:19:49 10.0.3.1 287352 11/16/2008 01:41:12.150 SEV=4 IKE/119 RPT=6730 123.208.8.179 Group [sportsbet] User [munsieg] PHASE 1 COMPLETED
Nov 16 04:20:02 10.0.3.1 287364 11/16/2008 01:41:24.290 SEV=4 IKE/49 RPT=7502 12
3.208.8.179 Group [sportsbet] User [munsieg] Security negotiation complete for
User (munsieg) Responder, Inbound SPI = 0x05347b8f, Outbound SPI = 0x9bd2c940"

Is there a way to separate things in bold from the log and push it to a text or excell file ?

Thanks a lot for the help..!!
R

zaxxon · November 18, 2008, 12:56am

You did not say where to place the column delimeters; here is a start you can modify yourself of course; I took semicolons as delimeter - you can import it to Excel as csv or whatever:

root@isau02:/data/tmp/testfeld> awk '/Group \[.*\] User \[.*\] .* COMPLETED$/ {print $1,$2,$3";"$6,$7";"$11";"$12,$13";"$14,$15}' infile
Nov 16 04:19:49;11/16/2008 01:41:12.150;123.208.8.179;Group [sportsbet];User [munsieg]

raj_26apr · November 18, 2008, 6:26pm

Hi Zaxxon

Thanks for the reply.. !!!! it all works good... !!

R