Hello
I have a log file with thousands of lines like below
Sep 21 13:02:52 lnxtst01 kernel: New TCP in: IN=eth0 OUT= MAC=00:1a:4b:50:b7:32:00:08:e3:ff:fc:04:08:00 SRC=10.184.46.4 DST=10.162.139.21 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=52961 DF PROTO=TCP SPT=55688 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.161.8.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=4306 DF PROTO=UDP SPT=60328 DPT=53 LEN=63
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.199.10.61 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=TCP SPT=50865 DPT=8089 WINDOW=14600 RES=0x00 SYN URGP=0
How can I extract the fields containing the SRC, DST, SPT and DPT strings? I could have used awk '{print $n}' if they were in fixed columns, but sometimes their column numbers change.
Please advise, thanks
Like this?
awk '{for (i=4; i<=NF; i++) if ($i!~/SRC|DST|SPT|DPT/) $i=""; print}'
Hello magnus29,
If you want to get only the values of SRC, DST, SPT and DPT, then the following may help you.
awk '{A="";match($0,/SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/);if(RSTART){A=substr($0,RSTART,RLENGTH)};match($0,/DST=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/);if(RSTART){A=A?A OFS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)};match($0,/SPT=[0-9]+/);if(RSTART){A=A?A OFS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)};match($0,/DPT=[0-9]+/);if(RSTART){A=A?A OFS substr($0,RSTART,RLENGTH):substr($0,RSTART,RLENGTH)}}{print A}' Input_file
Output will be as follows.
SRC=10.184.46.4 DST=10.162.139.21 SPT=55688 DPT=22
SRC=10.162.139.21 DST=10.161.8.2 SPT=60328 DPT=53
SRC=10.162.139.21 DST=10.199.10.61 SPT=50865 DPT=8089
Thanks,
R. Singh
Aia
September 21, 2015, 10:41pm
$ perl -nle '@a = /((?:SRC|D[SP]T|SPT)=[\d\.]+)/g and print "@a"' magnus29.file
SRC=10.184.46.4 DST=10.162.139.21 SPT=55688 DPT=22
SRC=10.162.139.21 DST=10.161.8.2 SPT=60328 DPT=53
SRC=10.162.139.21 DST=10.199.10.61 SPT=50865 DPT=8089
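A more general version of the same extraction, added here as an example and not taken from any of the replies above. Both the awk and the perl answers match the four keys with fixed patterns and assume every line carries all of them. The function below instead parses every KEY=VALUE token on a line into an array, so the field position is irrelevant, then emits the four keys in a fixed order and prints "-" for any key the line lacks (iptables ICMP entries, for example, carry no SPT or DPT), which keeps column-based tooling downstream aligned. The first three sample lines are the ones from the question; the fourth ICMP line is constructed, and the function name extract_tuple is my own.

```shell
# Added example (not from the thread): position-independent extraction of the
# SRC/DST/SPT/DPT tuple from iptables-style kernel log lines.
# Sample input: the three lines quoted in the question plus one constructed
# ICMP line that has no SPT/DPT keys.
SAMPLE_LOG='Sep 21 13:02:52 lnxtst01 kernel: New TCP in: IN=eth0 OUT= MAC=00:1a:4b:50:b7:32:00:08:e3:ff:fc:04:08:00 SRC=10.184.46.4 DST=10.162.139.21 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=52961 DF PROTO=TCP SPT=55688 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.161.8.2 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=4306 DF PROTO=UDP SPT=60328 DPT=53 LEN=63
Sep 21 13:03:03 lnxtst01 kernel: New TCP out: IN= OUT=eth0 SRC=10.162.139.21 DST=10.199.10.61 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6954 DF PROTO=TCP SPT=50865 DPT=8089 WINDOW=14600 RES=0x00 SYN URGP=0
Sep 21 13:04:00 lnxtst01 kernel: New ICMP in: IN=eth0 OUT= SRC=10.0.0.5 DST=10.162.139.21 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=ICMP TYPE=8 CODE=0'

# Reads log lines on stdin and writes one "SRC=... DST=... SPT=... DPT=..."
# line per input line, with "-" standing in for any key that is absent.
extract_tuple() {
    awk '
    {
        # Collect every KEY=VALUE token into an array; column position no longer matters.
        split("", kv)
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) {
                key = substr($i, 1, eq - 1)
                val = substr($i, eq + 1)
                # Keep the first occurrence only (UDP lines carry LEN= twice).
                if (!(key in kv)) kv[key] = val
            }
        }
        # Emit the wanted keys in a fixed order so downstream columns stay aligned.
        out = ""
        n = split("SRC DST SPT DPT", want, " ")
        for (j = 1; j <= n; j++) {
            k = want[j]
            v = (k in kv && kv[k] != "") ? kv[k] : "-"
            out = out (j > 1 ? OFS : "") k "=" v
        }
        print out
    }'
}

# Stand-alone usage: run the sample through the function.
printf '%s\n' "$SAMPLE_LOG" | extract_tuple
```

On the real file the call is simply extract_tuple < /var/log/messages (or whichever file holds the kernel lines); because the function keys on token names rather than column numbers, added or reordered fields such as MAC= or WINDOW= do not shift the output.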