[ale] Is awk the right tool for this?
Fletch
fletch at phydeaux.org
Tue May 7 09:39:49 EDT 2002
>>>>> "Kevin" == Kevin Krumwiede <krum at smyrnacable.net> writes:
Kevin> I want to go through my firewall logs and extract the
Kevin> source address of dropped packets. I can't just use cut to
Kevin> get the right field because of different flags on the
Kevin> packets. So how do I get just the token that begins with
Kevin> "SRC="? I have a feeling awk is the tool for the job, but
Kevin> I don't really know how to use it.
Kevin> grep dropped /var/log/kernel/info | ??? | sort | uniq | ...

If you want them sorted in order of number of incidents:

    perl -lne \
      '/SRC=(\S+)/&&$a{$1}++;END{print for sort{$a{$b}<=>$a{$a}}keys%a}' \
      /var/log/kernel/info

In numeric order by IP address:

    perl -MSocket=inet_aton -lne \
      '/SRC=(\S+)/&&$a{$1}++;END{print for map{$_->[0]}sort{$a->[1]cmp$b->[1]}map{[$_,inet_aton($_)]}keys%a}' \
      /var/log/kernel/info

--
Fletch | "If you find my answers frightening, __`'/|
fletch at phydeaux.org | Vincent, you should cease askin' \ o.O'
770 933-0600 x211(w) | scary questions." -- Jules =(___)=
770 294-0820 (m) | U
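
Added example, not part of Fletch's message: the same extraction written with awk in a shell function, limited to lines containing "dropped" as in the grep from the question. The log lines are constructed, the function names are hypothetical, and IPv4 sources are assumed.

```shell
#!/bin/sh
# Constructed sample lines in the general style of kernel firewall logging;
# every value here is made up for the example.
sample_log() {
cat <<'EOF'
May  7 09:01:02 fw kernel: dropped IN=eth0 SRC=192.0.2.200 DST=10.1.1.1 PROTO=TCP DPT=22 SYN
May  7 09:01:03 fw kernel: dropped IN=eth0 MAC=00:01 SRC=10.0.0.10 DST=10.1.1.1 PROTO=TCP DPT=23
May  7 09:01:04 fw kernel: dropped IN=eth0 SRC=10.0.0.9 DST=10.1.1.1 PROTO=UDP DPT=53
May  7 09:01:05 fw kernel: accepted IN=eth0 SRC=10.0.0.77 DST=10.1.1.1 PROTO=TCP DPT=80
May  7 09:01:06 fw kernel: dropped IN=eth0 TOS=0x00 SRC=192.0.2.200 DST=10.1.1.1 PROTO=TCP ACK PSH
May  7 09:01:07 fw kernel: dropped IN=eth0 SRC=10.0.0.10 DST=10.1.1.1 PROTO=ICMP
May  7 09:01:08 fw kernel: dropped IN=eth0 SRC=10.0.0.9 DST=10.1.1.1 PROTO=TCP DPT=25 SYN
May  7 09:01:09 fw kernel: dropped IN=eth0 SRC=192.0.2.200 DST=10.1.1.1 PROTO=TCP DPT=22 SYN
May  7 09:01:10 fw kernel: dropped packet summary, no address fields
EOF
}

# Print "count address" per source of dropped packets: most frequent first,
# ties in numeric IP order. Reads the named files, or stdin if none given,
# e.g. dropped_sources /var/log/kernel/info
dropped_sources() {
    awk '/dropped/ {
        # The SRC= token can sit in any field, so scan for it rather
        # than cutting a fixed column; lines without one are skipped.
        for (i = 1; i <= NF; i++)
            if (index($i, "SRC=") == 1) { hits[substr($i, 5)]++; break }
    }
    END {
        for (ip in hits) {
            split(ip, o, ".")    # octets become separate numeric sort keys
            print hits[ip], o[1], o[2], o[3], o[4], ip
        }
    }' "$@" |
    sort -k1,1nr -k2,2n -k3,3n -k4,4n -k5,5n |
    awk '{ print $1, $6 }'
}

sample_log | dropped_sources
```

The tie between 10.0.0.9 and 10.0.0.10 is why the octets are sorted as numbers: a plain text sort would put 10.0.0.10 first.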
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.