[ale] Question about awk

Greg Freemyer greg.freemyer at gmail.com
Wed Sep 16 19:35:29 EDT 2009


Chuck,

awk is very flexible.

Sounds like you just want to search $10 for '[' and ']' and print what's between.

Just do that with a control file like

{ start = strsrch($10, '[') + 1; end = strsrch($10, ']') - 1; print substr($10, start, end); }

I'm going totally from ancient memory, so the functions I'm sure have
the wrong names, but you can figure it out from the above I believe.

Greg

On Wed, Sep 16, 2009 at 7:19 PM, Chuck Payne <terrorpup at gmail.com> wrote:
> Guys,
>
>
> Another simple question. I am looking into my mail logs, I'd just like
> to get the IP that is between []
>
> athedsl-4487021.home.otenet.gr[94.71.67.117]:
> unknown[187.78.66.100]:
> unknown[192.168.105.11]:
> c-98-224-185-217.hsd1.mi.comcast.net[98.224.185.217]:
> athedsl-333802.home.otenet.gr[85.72.159.136]:
> athedsl-333802.home.otenet.gr[85.72.159.136]:
> pool-151-202-63-204.ny325.east.verizon.net[151.202.63.204]:
> ppp-124-122-183-185.revip2.asianet.co.th[124.122.183.185]:
> unknown[62.68.49.34]:
>
>
> Here's my search string...
>
> grep 'Recipient address rejected' mail.log | awk '{ print $10 }'
>
>
> I have tried to use sed to remove [] hoping that it would every before
> and after the []'s, but it's ugly.
>
> --
> ----------------------------------------
> Discover it! Enjoy it! Share it! openSUSE Linux.
> -----------------------------------------
> openSUSE -- http://en.opensuse.org/User:Terrorpup
> openSUSE Ambassador
> openSUSE Member
> skype -- terrorpup
> twitter -- terrorpup
> friendfeed -- http://friendfeed.com/terrorpup
>
> Come join me at the Atlanta Linux Fest, September 19th, 2009
> http://atlantalinuxfest.org/.



-- 
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
Preservation and Forensic processing of Exchange Repositories White Paper -
<http://www.norcrossgroup.com/forms/whitepapers/tng_whitepaper_fpe.html>

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
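
The approach sketched in the reply above, written out as a runnable script. This is an added example, not code from the original thread: it uses awk's index() and substr(), and goes one step further by counting rejections per client IP. The log lines are constructed samples in Postfix smtpd layout, the function names are hypothetical, and it assumes the client "host[ip]:" token is field 10, as in the original grep | awk pipeline.

```sh
#!/bin/sh
# Pull the client IP out of "host[ip]:" in field 10 of rejected-recipient
# log lines, then rank the clients by number of rejections.

# Constructed sample input (documentation address ranges, made-up hosts).
sample_log() {
cat <<'EOF'
Sep 16 19:01:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <a@example.org>: Recipient address rejected: User unknown
Sep 16 19:01:09 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from dsl-17.example.net[198.51.100.23]: 550 5.1.1 <b@example.org>: Recipient address rejected: User unknown
Sep 16 19:02:30 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <c@example.org>: Recipient address rejected: User unknown
Sep 16 19:02:41 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[2001:db8::25]: 550 5.1.1 <d@example.org>: Recipient address rejected: User unknown
Sep 16 19:03:12 mx1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <e@example.org>: Client host rejected: Access denied
Sep 16 19:03:40 mx1 postfix/smtpd[2110]: warning: restriction check for Recipient address rejected lookup failed
Sep 16 19:04:05 mx1 postfix/smtpd[2112]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <f@example.org>: Recipient address rejected: User unknown
EOF
}

# Print one IP per matching line. index() returns the 1-based position of
# each bracket (0 if absent); substr() takes a start and a LENGTH, so the
# length is the distance between the brackets. Matching on the brackets
# rather than splitting on ":" keeps IPv6 addresses intact.
extract_ips() {
    awk '/Recipient address rejected/ {
        lb = index($10, "[")
        rb = index($10, "]")
        if (lb > 0 && rb > lb + 1)      # skip tokens with no [..] or empty []
            print substr($10, lb + 1, rb - lb - 1)
    }'
}

# "ip count" pairs, most rejections first.
top_ips() {
    extract_ips | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

sample_log | top_ips
```

Against a real log, replace sample_log with the file, for example `top_ips < mail.log`.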

