Satyak
August 30, 2013, 7:08pm
1
Hi, i have a strange prob. log file contains ip, protocol, user name, agent . these can be in any order. If log contains the above order able to fetch all details but if details are in diff order not able to fetch all details.
using below command.
grep -A50 "Entry " "/logs/file.log" \
|grep -A50 "Login" \
|sed -n -e '/IPADDR/p' -e '/PROTOCOL/p' -e '/USER_NM/p' -e '/AGENT/p' \
| sed 's/^ *//g' \
|sed -e 's/IPADDR */1C /g' -e 's/PROTOCOL */2C /g' -e 's/USER_NM */4C /g' -e 's/AGENT */3C /g' > $TMP_FILE
Can someone plz help
thanks in advance
Come on Satyak... With more than 100 posts in these forums you know that we can't help if you only show us code that doesn't work. Show us your input, show us the corresponding desired output, and explain the logic behind the transformation you want to occur.
Satyak
August 31, 2013, 1:29am
3
Hi Dan,here are the details.
Input:
Entry
CLIENT httpd
ATION_ENABLED 1
ACCOUNT_NAME
HTTPUSERAGENT Jakarta Commons-HttpClient/3.0
USER_NM satya
AGENT Jakarta Commons-HttpClient/3.0
CLIENTADDR 148.171.38.52
COOKIE Cookie-20130827-085956-satya-27,183,264
TARGETDIR
HTTP_COOKIE $Version=0; fx=544d63766232756d5454436c33716256697036414f413d3d; $Path=/
USERGID 100
ACCOUNT_ID
USERCOOKIE Cookie-20130827-085956-satya-27,183,264
/bin/mutt
HTTP_CONTENT_TYPE application/x-www-form-urlencoded
HOMEDIR /users/00000214011
HTTP_CONTENT_LENGTH 1397
IMEOUT 900
IPADDR 1.2.3.4
XFERTYPE I
USERTYPE virtual
TYPE httpcmd
REMOTEHOST 1.2.3.4
USERCLASS VirtClass
PROTOCOL http
APPLICATION_TYPE
LOGFILENAME /var/logs/agent_error.log
TRIGGER post
CLIENTPID 25555
DXAGENT_LOGINPASS **********
DXAGENT_SECURE_DATA 1
DXAGENT_TARGET
DXAGENT_SESSIONID 69192fb3c09f374d3d41f7c5471f7ef4
LIBPATH /lib/
DXAGENT_EXTRAARGS http
Expected output:
IP : 1.2.3.4
Protocol: http
User Name: satya
Agent: Jakarta Commons-HttpClient/3.0
Thanks
Jotne
August 31, 2013, 2:11am
5
Whit more than 100 post why do you not use code tags ?
Using awk
awk '/IPADDR/ {print "IP:", $2} /PROTOCOL/ {print "Protocol:",$2 "\nUser Name:",u "\nAgent:",a} /USER_NM/ {u=$2} /^AGENT/{a=$2 " " $3 " " $4}' file
IP: 1.2.3.4
Protocol: http
User Name: satya
Agent: Jakarta Commons-HttpClient/3.0
EDIT: Some more readable version, handles space in username and Agent
awk '
/^IPADDR/ {i=$2}
/^PROTOCOL/ {p=$2}
/^USER_NM/ {$1="";u=$0}
/^AGENT/{$1="";a=$0}
END {print "IP:",i "\nProtocol:",p "\nUser Name:" u "\nAgent:" a}
' file
RudiC
August 31, 2013, 1:07pm
6
I don't understand your problem - you're not too far off. Slightly modifying your code snippet to
sed -n -e '/IPADDR/p' -e '/PROTOCOL/p' -e '/USER_NM/p' -e '/ AGENT/p' file
you'll get
USER_NM satya
AGENT Jakarta Commons-HttpClient/3.0
IPADDR 1.2.3.4
PROTOCOL http
You could also OR your regexes together (ERE version):
sed -rn '/IPADDR|PROTOCOL|USER_NM| AGENT/p' file
awk can do a precise (string) check on $1 (first word)
awk '
$1=="IPADDR" {i=$2}
$1=="PROTOCOL" {p=$2}
$1=="USER_NM" {$1=""; u=$0}
$1=="AGENT" {$1=""; a=$0}
END {
print "IP:",i
print "Protocol:",p
print "User Name:" u
print "Agent:" a
}
' file
madeingermany:
awk can do a precise (string) check on $1 (first word)
awk '
$1=="IPADDR" {i=$2}
$1=="PROTOCOL" {p=$2}
$1=="USER_NM" {$1=""; u=$0}
$1=="AGENT" {$1=""; a=$0}
END {
print "IP:",i
print "Protocol:",p
print "User Name:" u
print "Agent:" a
}
' file
Thank you. I can see my self using this quite a bit.