Identify the position of character

suneel.mekala · December 10, 2010, 2:02am

Hi,

Can some one guide me to identify the position of a character using index in UNIX.

I have a record like "17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88" . I need to identify the value which comes after _src:_ (_ denotes space).

I am able to identify the no. of characters till _src:_ as below:

s1="17/11/2010 15:16:39;reject;10.44.48.65;daemon alert src: 10.44.48.112; dst: 172.21.52.88"

s2=" src: "

start_val=`awk -v a="$s1" -v b="$s2" 'BEGIN{print index(a,b)+6}'`

But am not able to identify the character position of ";" which comes after _src:_ .

If I can identify that character position then I can pick the value using substr.

Can some one help me to identify the position.

Also If any one is having better approach please guide me.

Many Thanks in advance.
MSK

system · December 10, 2010, 2:21am

Are u looking to extract an IP address comes after _src:_ ?? If its is so then

echo "17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88" | sed 's/.*; src: (.*); /$1/g'

output

10.44.48.112

and if u r having this data stored in file then

sed 's/.*; src: (.*); /$1/g' filename

suneel.mekala · December 10, 2010, 3:05am

Thanks for your reply R0H0N.

But it is returning the value as my input.

system · December 10, 2010, 3:35am

Make the changes in sed command for finding an exact string as per your requirement. Or, delimit the special characters in sed command.

suneel.mekala · December 10, 2010, 3:40am

Hi R0H0N,

I executed the below command
echo "17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88" | sed 's/.; src: (.); /$1/g'

but it is returning 17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88

But am expecting the 10.44.48.112.

Many Thanks

system · December 10, 2010, 3:52am

sed -n 's/.*; src: \(.*\); /$1/g'

or

sed -n 's/.*; src: \(.*\); /\1/g'

homeboy · December 10, 2010, 3:58am

try this

echo "17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88" | sed 's/.*\(src: \)\(.*\);..*/\2/' -

anurag.singh · December 10, 2010, 4:08am

echo "17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88" | sed 's/.src: $.*$;./\1/'

suneel.mekala · December 10, 2010, 4:35am

Hi Anurag/Homeboy,

The below script is working fine if my value is
"17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 172.21.52.88"

But if i tried with the below row

17/11/2010 15:16:39;reject;10.44.48.65;daemon alert src: 10.44.48.112; dst: 10.44.48.65;reason: Client Encryption: User unknown.;scheme: IKE;; reject;_category: SecureClient authentication failure;fw_subproduct: VPN-1;product: VPN-1 & FireWall-1;"

it is returning the all the records after src: .

Actually I need to pick the value after _src:_,_dst:_,_reject_category:_ and so on. (_ denotes space) and write those values to a new file.

for example i want the O/p as
10.44.48.112|10.44.48.65|SecureClient authentication failure and so on

Hope my requirement is clear.

Many Thanks,
MSK

system · December 10, 2010, 4:47am

echo "17/11/2010 15:16:39;reject;10.44.48.65;daemon  alert src: 10.44.48.112; dst: 10.44.48.65;reason: Client Encryption:  User unknown.;scheme: IKE;; reject;_category: SecureClient  authentication failure;fw_subproduct: VPN-1;product: VPN-1 &  FireWall-1;" | sed -n 's/.*daemon alert src: \(.*\); dst: \(.*\);.*reject_category: \(.*\);fw_subproduct:.*/\1|\2|\3/g' > newfile

Make sure that its reject_category instead of reject;_category. Make changes if it is so.

homeboy · December 10, 2010, 5:05am

The book named: sed & awk is good for learning sed and awk.I think you'll know how to figure out your problem after reading it.If you want to know the method to solve this problem as a emergency,try my code.

awk  -F";" '{gsub(/[^0-9.]/,"",$4);printf $4"|";gsub(/[^0-9.]/,"",$5);printf $5"|";gsub(/reject\ category: /,"",$9);print $9}' file

suneel.mekala · December 10, 2010, 5:56am

Hi,

In my file the position of delimiter ";" is not fixed.

some values may not be present in some records.

So i need to the value for of src(only if present in the record) which presents between _src: and ;

incoming record:

17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.112; dst: 10.44.48.65;reason: Client Encryption: User unknown.;scheme: IKE;; reject_category: SecureClient authentication failure;fw_subproduct: VPN-1;product: VPN-1 & FireWall-1;"
17/11/2010 15:16:39;reject;10.44.48.65;daemon alert; src: 10.44.48.65;scheme: IKE;; reject_category: SecureClient authentication failure; product: VPN-1 & FireWall-1;"

So my O/p should be as below.
10.44.48.112|10.44.48.65|SecureClient authentication failure
10.44.48.65||SecureClient authentication failure

Many Thanks
MSK

system · December 10, 2010, 7:49am

Are u allowed to write a perl script for it?

suneel.mekala · December 10, 2010, 7:52am

I need to write shell script only

system · December 10, 2010, 8:13am

Ok. Then lets have some fun.

#!/bin/ksh

cat inputFile | while read line
do
    echo "$line" | tr ';' '\n' | grep -e src -e dst -e "reject_category" | sed 's/  *//;s/src://;s/dst://;reject_category://' | xargs -d"\|" >> outputFile
done

methyl · December 10, 2010, 8:36am

Your data format is varying in every post. Please post some definitive samples in CODE tags.