LinuxQuestions.org


Rush_898 01-08-2008 09:37 AM

Need help with grep syntax and reg exp
 
I have been banging my head against this for a few days. I don't know much about regular expressions and my original thought was just to use grep to take the content below and show a few key facts from it.

So from this jumbled mess (a converted SNMP trap to syslog):

Kiwi_Syslog_Daemon Original Address=10.1.1.1 community="kiwisyslog", enterprise=1.3.6.1.4.1.9.9.383.0.1, enterprise_mib_name=ciscoCidsAlert, uptime=434027636, agent_ip=10.1.1.2, version=Ver2, 1.3.6.1.4.1.9.9.383.1.1.1=1193860087813417372, cidsGeneralEventId=1193860087813417372, 1.3.6.1.4.1.9.9.383.1.1.2="Hex String=07 D8 01 08 09 16 24 00", cidsGeneralLocalTime="Hex String=07 D8 01 08 09 16 24 00", 1.3.6.1.4.1.9.9.383.1.1.3="Hex String=07 D8 01 08 0F 16 24 00", cidsGeneralUTCTime="Hex String=07 D8 01 08 0F 16 24 00", 1.3.6.1.4.1.9.9.383.1.1.4=ciscoasaIPS, cidsGeneralOriginatorHostId=ciscoasaIPS, 1.3.6.1.4.1.9.9.383.1.2.1=low, cidsAlertSeverity=low, 1.3.6.1.4.1.9.9.383.1.2.2=2147483648, cidsAlertAlarmTraits=2147483648, 1.3.6.1.4.1.9.9.383.1.2.4="ICMP Network Sweep w/Echo", cidsAlertSignatureSigName="ICMP Network Sweep w/Echo", 1.3.6.1.4.1.9.9.383.1.2.5=2100, cidsAlertSignatureSigId=2100, 1.3.6.1.4.1.9.9.383.1.2.6=0, cidsAlertSignatureSubSigId=0, 1.3.6.1.4.1.9.9.383.1.2.7=S2, cidsAlertSignatureVersion=S2, 1.3.6.1.4.1.9.9.383.1.2.12=0, c...

to something like this?

10.201.103.3 2100 low ICMP Network Sweep w/Echo

So basically I'm taking this out of it and creating a string of output, but without the syntax to grep the stuff out I'm lost...

Original Address=10.1.1.1
cidsAlertSignatureSigId=2100
cidsAlertSeverity=low
cidsAlertSignatureSigName="ICMP Network Sweep w/Echo"

I have looked at snmptt for this and really the specific need here is so basic I would like to do it this way, also I'm really hoping to figure this out as a learning experience. I have tried grepping the file for things like $agent_ip (it just does nothing) and agent_ip (it returns the whole thing as output). Any ideas?

ghostdog74 01-08-2008 09:58 AM

GNU awk
Code:

awk ' BEGIN{FS="[,]"}            # split each trap line on commas
{
  for ( i=1 ; i<=NF;i++ ){
    if ( match($i,"Original Address=") ) {
        # first field carries the "Kiwi_Syslog_Daemon" prefix: keep from the match
        # onward and split on spaces so a[1] a[2] is "Original Address=10.1.1.1"
        n=split( substr($i , RSTART) , a," ")
        print a[1],a[2]
    }else if ( $i ~ /cidsAlertSignatureSigId|cidsAlertSeverity|cidsAlertSignatureSigName/ ) {
        print $i                 # these fields are already in key=value form
    }
  }
}' "file"

output:
Code:

# ./test.sh
Original Address=10.1.1.1
 cidsAlertSeverity=low
 cidsAlertSignatureSigName="ICMP Network Sweep w/Echo"
 cidsAlertSignatureSigId=2100
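To get the single summary line the question actually asked for (address, signature id, severity and signature name in a fixed order, quotes stripped) instead of the raw key=value fields, here is an added example that is not code from either poster: a POSIX shell wrapper around awk that first parses every trap into key/value pairs and then prints only the wanted keys. The sample record is a constructed, shortened copy of the one in the question, and the function name summarize_trap and the output order are my own choices.

```shell
#!/bin/sh
# Constructed sample: the trap line from the question, cut down to a handful of
# fields (the real record is much longer; only the four keys below matter here).
SAMPLE='Kiwi_Syslog_Daemon Original Address=10.1.1.1 community="kiwisyslog", enterprise=1.3.6.1.4.1.9.9.383.0.1, agent_ip=10.1.1.2, cidsGeneralLocalTime="Hex String=07 D8 01 08 09 16 24 00", cidsAlertSeverity=low, cidsAlertSignatureSigName="ICMP Network Sweep w/Echo", cidsAlertSignatureSigId=2100, cidsAlertSignatureSubSigId=0'

# summarize_trap [file...]: read trap lines (files or stdin) and print one line per trap:
#   <source address> <signature id> <severity> <signature name>
# Lines that lack the address or signature id are reported on stderr, not dropped silently.
summarize_trap() {
  awk '
  BEGIN { FS = ", *" }                 # comma-separated fields; swallow the space after the comma
  {
    split("", kv)                      # portable way to empty the array for each line
    for (i = 1; i <= NF; i++) {
      f = $i
      # the first field has a "Kiwi_Syslog_Daemon" prefix before the address, so locate
      # "Original Address=" by regex and take the non-space run after it (17 chars of key)
      if (match(f, /Original Address=[^ ]+/)) {
        kv["addr"] = substr(f, RSTART + 17, RLENGTH - 17)
        continue
      }
      eq = index(f, "=")               # split on the FIRST "=" only: values such as
      if (eq == 0) continue            # "Hex String=07 D8 ..." contain "=" themselves
      key = substr(f, 1, eq - 1)
      val = substr(f, eq + 1)
      gsub(/"/, "", val)               # drop the quotes around string values
      kv[key] = val                    # note: a quoted value containing ", " would be split
    }
    if (("addr" in kv) && ("cidsAlertSignatureSigId" in kv))
      print kv["addr"], kv["cidsAlertSignatureSigId"], kv["cidsAlertSeverity"], kv["cidsAlertSignatureSigName"]
    else
      print "unparsed trap: " $0 > "/dev/stderr"
  }' "$@"
}

# Stand-alone demonstration on the constructed sample
printf '%s\n' "$SAMPLE" | summarize_trap
```

Feed the real syslog file as an argument (summarize_trap /var/log/kiwi.log is an assumed path) to get one summary line per trap.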


Rush_898 01-08-2008 10:28 AM

Holy cow, that was quick. Thank you very much.

