LinuxQuestions.org
01-08-2008, 09:37 AM   #1
Rush_898
Need help with grep syntax and reg exp


I have been banging my head against this for a few days. I don't know much about regular expressions and my original thought was just to use grep to take the content below and show a few key facts from it.

So from this jumble mess (a converted snmp trap to syslog):

Kiwi_Syslog_Daemon Original Address=10.1.1.1 community="kiwisyslog", enterprise=1.3.6.1.4.1.9.9.383.0.1, enterprise_mib_name=ciscoCidsAlert, uptime=434027636, agent_ip=10.1.1.2, version=Ver2, 1.3.6.1.4.1.9.9.383.1.1.1=1193860087813417372, cidsGeneralEventId=1193860087813417372, 1.3.6.1.4.1.9.9.383.1.1.2="Hex String=07 D8 01 08 09 16 24 00", cidsGeneralLocalTime="Hex String=07 D8 01 08 09 16 24 00", 1.3.6.1.4.1.9.9.383.1.1.3="Hex String=07 D8 01 08 0F 16 24 00", cidsGeneralUTCTime="Hex String=07 D8 01 08 0F 16 24 00", 1.3.6.1.4.1.9.9.383.1.1.4=ciscoasaIPS, cidsGeneralOriginatorHostId=ciscoasaIPS, 1.3.6.1.4.1.9.9.383.1.2.1=low, cidsAlertSeverity=low, 1.3.6.1.4.1.9.9.383.1.2.2=2147483648, cidsAlertAlarmTraits=2147483648, 1.3.6.1.4.1.9.9.383.1.2.4="ICMP Network Sweep w/Echo", cidsAlertSignatureSigName="ICMP Network Sweep w/Echo", 1.3.6.1.4.1.9.9.383.1.2.5=2100, cidsAlertSignatureSigId=2100, 1.3.6.1.4.1.9.9.383.1.2.6=0, cidsAlertSignatureSubSigId=0, 1.3.6.1.4.1.9.9.383.1.2.7=S2, cidsAlertSignatureVersion=S2, 1.3.6.1.4.1.9.9.383.1.2.12=0, c...

to something like this?

10.201.103.3 2100 low ICMP Network Sweep w/Echo

So basically taking this out of it and creating a string of output, but without the syntax to grep the stuff out I'm lost...

Original Address=10.1.1.1
cidsAlertSignatureSigId=2100
cidsAlertSeverity=low
cidsAlertSignatureSigName="ICMP Network Sweep w/Echo"

I have looked at snmptt for this and really the specific need here is so basic I would like to do it this way, also I'm really hoping to figure this out as a learning experience. I have tried grepping the file for things like $agent_ip (it just does nothing) and agent_ip (it returns the whole thing as output). Any ideas?
 
01-08-2008, 09:58 AM   #2
ghostdog74
GNUawk
Code:
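awk ' BEGIN{FS="[,]"}   # split each record on commas
{
  for ( i=1 ; i<=NF;i++ ){
    if ( match($i,"Original Address=") ) {
         # the first field also holds the daemon name and community string;
         # keep only the two words "Original" and "Address=<ip>"
         n=split( substr($i , RSTART) , a," ")
         print a[1],a[2]
    }else if ( $i ~ /cidsAlertSignatureSigId|cidsAlertSeverity|cidsAlertSignatureSigName/ ) {
        print $i    # named fields only; the numeric-OID duplicates do not match
    }
  
  }
}' "file"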
output:
Code:
# ./test.sh
Original Address=10.1.1.1
 cidsAlertSeverity=low
 cidsAlertSignatureSigName="ICMP Network Sweep w/Echo"
 cidsAlertSignatureSigId=2100
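
Added example, not part of the original thread: a shell function that prints the single summary line per alert that the question asks for. It looks each value up by key name instead of splitting on commas, so a quoted value that itself contains a comma stays whole. The names ids_summary and sample_traps, the "-" placeholder for a missing key, and the second and third sample lines are assumptions made for this example; the first sample line is abridged from the trap quoted in post #1.

```sh
#!/bin/sh
# Constructed sample input: line 1 is abridged from the trap in post #1,
# lines 2 and 3 are made up (comma inside a quoted value; a non-IDS trap).
sample_traps() {
    cat <<'EOF'
Kiwi_Syslog_Daemon Original Address=10.1.1.1 community="kiwisyslog", enterprise_mib_name=ciscoCidsAlert, agent_ip=10.1.1.2, cidsAlertSeverity=low, cidsAlertSignatureSigName="ICMP Network Sweep w/Echo", cidsAlertSignatureSigId=2100, cidsAlertSignatureSubSigId=0
Kiwi_Syslog_Daemon Original Address=10.1.1.7 community="kiwisyslog", enterprise_mib_name=ciscoCidsAlert, cidsAlertSeverity=high, cidsAlertSignatureSigName="Constructed Sig, with comma", cidsAlertSignatureSigId=9999
Kiwi_Syslog_Daemon Original Address=10.1.1.9 community="kiwisyslog", enterprise_mib_name=linkDown, uptime=1
EOF
}

# Print "<address> <sig id> <severity> <sig name>" for every ciscoCidsAlert
# trap read from the given files or from standard input.
ids_summary() {
    awk '
    # Value of key in line s, or "-" (assumed placeholder) when it is absent.
    # The key must follow a blank so that it cannot match the tail of a
    # longer key name. Quoted values are returned without their quotes.
    function val(s, key,    p, rest, q) {
        s = " " s
        p = index(s, " " key "=")
        if (p == 0) return "-"
        rest = substr(s, p + length(key) + 2)
        if (substr(rest, 1, 1) == "\"") {
            rest = substr(rest, 2)
            q = index(rest, "\"")
            return (q > 0) ? substr(rest, 1, q - 1) : rest
        }
        # Unquoted value: ends at the next comma or blank
        if (match(rest, /[, ]/)) return substr(rest, 1, RSTART - 1)
        return rest
    }
    /enterprise_mib_name=ciscoCidsAlert/ {
        print val($0, "Original Address"),
              val($0, "cidsAlertSignatureSigId"),
              val($0, "cidsAlertSeverity"),
              val($0, "cidsAlertSignatureSigName")
    }' "$@"
}

sample_traps | ids_summary
```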
 
01-08-2008, 10:28 AM   #3
Rush_898
Holy cow that was quick. Thank you very much.
 
  

