Identifying entries based on 2 fields in a string.

Hi Guys,

I'm struggling to use two fields to do a duplicate/unique by output.

I want to look for IP addresses assigned to more than one account during a given period in the logs. So duplicate IP and account > 1, then print all the logs for that IP. I have been using AWK (just as it's installed on the system in question). Any help would be greatly appreciated.

log:

2012/01/01:01:30:35  type: 1, ip-assigned: 10.10.10.236, account: E8C200511C63, 
2012/01/01:01:30:36  type: 2, ip-assigned: 10.10.10.236, account: E8C200511C63, 
2012/01/01:01:30:37  type: 1, ip-assigned: 10.10.10.37, account: E8C3004BF14E,
2012/01/01:01:30:38  type: 2, ip-assigned: 10.10.10.11, account: E8C201111C63,
2012/01/01:01:30:39  type: 1, ip-assigned: 10.10.10.228, account: E8C300314D4A, 
2012/01/01:01:30:40  type: 2, ip-assigned: 10.10.10.147, account: E8C30031407A, 
2012/01/01:01:30:41  type: 1, ip-assigned: 10.10.10.236, account: E8C3003149CA, 
2012/01/01:01:30:42  type: 2, ip-assigned: 10.10.10.37, account: E8C3004BF14E, 
2012/01/01:01:30:43  type: 1, ip-assigned: 10.10.10.37, account: E8C3007069AD,
2012/01/01:01:30:44  type: 1, ip-assigned: 10.10.10.11, account: E8C201DB1C63,
2012/01/01:01:30:45  type: 2, ip-assigned: 10.10.10.228, account: E8C300314D4A, 
2012/01/01:01:30:46  type: 1, ip-assigned: 10.10.10.230, account: E8C300314D4A, 
2012/01/01:01:30:47  type: 2, ip-assigned: 10.10.10.230, account: E8C300314D4A,
2012/01/01:01:30:48  type: 1, ip-assigned: 10.10.10.101, account: E8C200511C63, 

Desired output:

2012/01/01:01:30:35  type: 1, ip-assigned: 10.10.10.236, account: E8C200511C63, 
2012/01/01:01:30:36  type: 2, ip-assigned: 10.10.10.236, account: E8C200511C63, 
2012/01/01:01:30:41  type: 1, ip-assigned: 10.10.10.236, account: E8C3003149CA, 
2012/01/01:01:30:37  type: 1, ip-assigned: 10.10.10.37, account: E8C3004BF14E,
2012/01/01:01:30:42  type: 2, ip-assigned: 10.10.10.37, account: E8C3004BF14E, 
2012/01/01:01:30:43  type: 1, ip-assigned: 10.10.10.37, account: E8C3007069AD,
2012/01/01:01:30:38  type: 2, ip-assigned: 10.10.10.11, account: E8C201111C63,
2012/01/01:01:30:44  type: 1, ip-assigned: 10.10.10.11, account: E8C201DB1C63,

Do you have Perl installed?

perl -ane '$h{$F[4]}{$F[6]}=1;$s{$F[4]}.=$_;END{for $i (keys %h){@acc=keys %{$h{$i}};print $s{$i} if $#acc>0}}' file

Hi,

Try this one,

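#! /usr/bin/bash
 
logfile="LogFile"
outfile="OutFile"
tmpfile="tmpfile"
 
# Reduce the log to unique (ip-assigned, account) pairs
cut -d',' -f2,3 "$logfile" | sort -u >"$tmpfile"

for i in `cut -d',' -f1 "$tmpfile" | sort -u | sed 's/ ip-assigned: //'`
do
   # -F plus the field name and trailing comma match the whole address literally,
   # so 10.10.10.1 does not also count lines for 10.10.10.11
   cnt=`grep -cF "ip-assigned: $i," "$tmpfile"`
   if [ "$cnt" -gt 1 ];then
      grep -F "ip-assigned: $i," "$logfile" >>"$outfile"
   fi
done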

Configure your log file name and output file name based on your needs.

Cheers,
Ranga

bartus11

Many thanks, that worked a treat!

Wabbit02!
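
An awk-only version of the same report, since awk was the tool available on the system in the question. This is an added example, not code from any poster in the thread. The function names `sample_log` and `shared_ips` are made up for illustration, and the 10.10.10.1 log line is constructed to show that addresses are compared whole rather than as substrings.

```shell
# Sample input: the first six lines come from the question; the final
# 10.10.10.1 line is constructed to exercise exact address matching.
sample_log() {
  cat <<'EOF'
2012/01/01:01:30:35  type: 1, ip-assigned: 10.10.10.236, account: E8C200511C63,
2012/01/01:01:30:38  type: 2, ip-assigned: 10.10.10.11, account: E8C201111C63,
2012/01/01:01:30:39  type: 1, ip-assigned: 10.10.10.228, account: E8C300314D4A,
2012/01/01:01:30:41  type: 1, ip-assigned: 10.10.10.236, account: E8C3003149CA,
2012/01/01:01:30:44  type: 1, ip-assigned: 10.10.10.11, account: E8C201DB1C63,
2012/01/01:01:30:45  type: 2, ip-assigned: 10.10.10.228, account: E8C300314D4A,
2012/01/01:01:30:49  type: 1, ip-assigned: 10.10.10.1, account: E8C200511C63,
EOF
}

# shared_ips [FILE...]: print every log line whose IP was assigned to more
# than one distinct account, grouped by IP in first-seen order.
shared_ips() {
  awk -F', *' '
    {
      ip = ""; acct = ""
      # Locate the two fields by name rather than by position.
      for (i = 1; i <= NF; i++) {
        if ($i ~ /ip-assigned: /) { ip = $i; sub(/^.*ip-assigned: */, "", ip) }
        if ($i ~ /account: /)     { acct = $i; sub(/^.*account: */, "", acct) }
      }
      sub(/[ \t]+$/, "", ip); sub(/[ \t]+$/, "", acct)
      if (ip == "" || acct == "") next        # not an assignment record
      if (!(ip in lines)) order[++n] = ip     # remember first-seen order
      lines[ip] = lines[ip] $0 "\n"
      # Count each (ip, account) pair once; ip is compared as a whole string.
      if (!((ip, acct) in seen)) { seen[ip, acct] = 1; naccts[ip]++ }
    }
    END {
      for (k = 1; k <= n; k++)
        if (naccts[order[k]] > 1) printf "%s", lines[order[k]]
    }
  ' "$@"
}

sample_log | shared_ips
```

The script buffers every parsed line until end of input, so memory use grows with the size of the log.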