Hello,


I am trying to read through my flooded firewall logs. So far the majority of my log is filled with
192.168.1.23,138 -> <my gateway>

Very annoying and preventing the logging of this sort of traffic is another story. As for now, I want to know how to sort through this firewall log and pick out only the IPs that do not start with 192.

So far I have,

awk '/ / {print $6}' ./firewall.log | grep "192*"
--outputs----
192.168.1.23,138
192.168.1.23,138
192.168.1.23,138
....
-------------

which gives me the undesired list of hundreds of 192 ips. (The IP is by itself in field 6)

now there has to be an easy way to display only the ips in field 6 that do not start with 192?

Thanks everyone!

Something like

awk '$6 !~ /^192\./ ' firewall.log

maybe?

Cheers,
Tink

I assume the mysterious looking awk command works, but for future reference the grep option is -v for --invert-match.

Heh. What is mysterious about the awk command? :}

If
Field number six (by default white-space separates fields)
is not like
a string beginning with 192 and a literal '.'
print the line (awks default action).


Cheers,
Tink

And I always thought "awk" was the call of a Channel-billed Cuckoo

Heh. It's actually from the first letters of the last names of
the programmers, Aho, Weinberger & Kerninghan.
They might as well have named it wak, or kaw, or
something less easily pronounced like wka :}


Cheers,
Tink

so it's not short for awkward then?... I've been misled...

Hehe. No, it's misspelt short for awkesome :}

awk rocks. Small, clear, lightweight. Often quite suitable for
tasks that other may think a perl-thing.


Cheers,
Tink