Retrieving Information From A Syslog File

andyblaylock · June 6, 2010, 6:49am

Hi,

I have a number of firewalls that send there traffic logs to a syslog server.
Each log entry takes up about 3 lines and the text within the log entry is delimited by a space. There are parts of the three lines that I need from every traffic log entry. I have been using a combination of sed, grep, cut, and sort and uniqe to data mine the information I need.
Up until this point I have been searching for information contained within one line of the three line log entry. How do I pull information from the 1st and 3rd lines of the one log entry??

My understanding is that sed s/ and grep search line by line? Can I configure sed and or grep to search the three lines of each log entry? if this makes sense.

Any advise would be appreciated.

Thanks

Andy

jim_mcnamara · June 6, 2010, 8:34am

awk - since you must already have a regex to find line1:

awk '/regex goes here/ {ok=1}
       ok==1 || ok==3 {print}
       {ok++;next} ' /path/to/syslog | paste - - | [your data mining code here]

andyblaylock · June 6, 2010, 2:32pm

Thanks Jim,

I will give it a shot.

Andy