LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   To remove the null value using awk on RHEL5 (https://www.linuxquestions.org/questions/linux-newbie-8/to-remove-the-null-value-using-awk-on-rhel5-4175430550/)

senthilprasath 10-04-2012 03:30 PM

To remove the null value using awk on RHEL5
 
HI,

this is some lines from /var/log/secure
Oct 4 09:55:31 dcvlodbdev su: pam_unix(su-l:auth): authentication failure; logname=oratest uid=501 euid=0 tty=pts/1 ruser=oratest rhost= user=one
Oct 4 10:56:06 dcvlodbdev sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.201.23 user=oratest
i am using this awk cmd for our reqiurment,

/bin/grep "$CUR_DATE" /var/log/secure | grep -i failure | awk '{ print $1, $2" ", $3" ",$14" ", $15 }' >> /tmp/failed-logins.txt
I received the output as,
Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest
Oct 4 10:56:37 logname=oratest rhost= user=root

But i only need the ouput like this,

Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest

i dont need the "rhost= "
how to avoid the rhost="null" in awk

Thanks.
senthil

porphyry5 10-04-2012 04:56 PM

Quote:

Originally Posted by senthilprasath (Post 4797466)
HI,

this is some lines from /var/log/secure
Oct 4 09:55:31 dcvlodbdev su: pam_unix(su-l:auth): authentication failure; logname=oratest uid=501 euid=0 tty=pts/1 ruser=oratest rhost= user=one
Oct 4 10:56:06 dcvlodbdev sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.201.23 user=oratest
i am using this awk cmd for our reqiurment,

/bin/grep "$CUR_DATE" /var/log/secure | grep -i failure | awk '{ print $1, $2" ", $3" ",$14" ", $15 }' >> /tmp/failed-logins.txt
I received the output as,
Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest
Oct 4 10:56:37 logname=oratest rhost= user=root

But i only need the ouput like this,

Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest

i dont need the "rhost= "
how to avoid the rhost="null" in awk

Thanks.
senthil

Assuming you mean you want to drop the entire line if "rhost= ", add another grep, thus
Code:

/bin/grep "$CUR_DATE" /var/log/secure | grep -i failure | grep -vi 'rhost= ' | awk '{ print $1, $2" ", $3" ",$14" ", $15 }' >> /tmp/failed-logins.txt
If you want awk to not print 'rhost=' when it occurs, but to show the rest of the values from that line, you would test for it and use a different print command in each case.
Code:

if ($14 == "rhost=") print $1, $2" ", $3" ", $15; else print $1, $2" ", $3" ",$14" ", $15;

senthilprasath 10-05-2012 10:25 AM

Thanks.,
 
its working.,

David the H. 10-07-2012 05:01 PM

Please use ***[code][/code]*** tags around your code and data, to preserve the original formatting and to improve readability. Do not use quote tags, bolding, colors, "start/end" lines, or other creative techniques.


Actually, you usually shouldn't be using grep in combination with awk at all. There's no real need for it. awk is powerful enough to replicate pretty much everything grep/cut/sed can do.

Code:

awk '/failure/ && $14 != "rhost=" { print $1 , $2 , $3 , $14 , $15 }'
The only thing from the above posts that's a bit trickier is making case-insensitive matches. awk doesn't have an option like grep's "-i". See here for how to handle that:
http://www.gnu.org/software/gawk/man...nsitivity.html

But then again, it doesn't look like there's anything in the log file that requires it anyway.

Here are a few useful awk references:
http://www.grymoire.com/Unix/Awk.html
http://www.gnu.org/software/gawk/man...ode/index.html
http://www.pement.org/awk/awk1line.txt
http://www.catonmat.net/blog/awk-one...ined-part-one/


All times are GMT -5. The time now is 06:25 AM.