LinuxQuestions.org
Old 10-04-2012, 04:30 PM   #1
senthilprasath
LQ Newbie
 
Registered: Oct 2012
Posts: 2

Rep: Reputation: Disabled
To remove the null value using awk on RHEL5


Hi,

These are some lines from /var/log/secure:
Oct 4 09:55:31 dcvlodbdev su: pam_unix(su-l:auth): authentication failure; logname=oratest uid=501 euid=0 tty=pts/1 ruser=oratest rhost= user=one
Oct 4 10:56:06 dcvlodbdev sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.201.23 user=oratest
I am using this awk cmd for our requirement,

/bin/grep "$CUR_DATE" /var/log/secure | grep -i failure | awk '{ print $1, $2" ", $3" ",$14" ", $15 }' >> /tmp/failed-logins.txt
I received the output as,
Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest
Oct 4 10:56:37 logname=oratest rhost= user=root

But I only need the output like this,

Oct 4 10:56:06 logname= rhost=172.16.201.23 user=oratest

I don't need the "rhost= ".
How to avoid the rhost="null" in awk?

Thanks.
senthil
 
Old 10-04-2012, 05:56 PM   #2
porphyry5
Member
 
Registered: Jul 2010
Location: oregon usa
Distribution: Slackware 14.1, Arch
Posts: 443

Rep: Reputation: 21
Assuming you mean you want to drop the entire line if "rhost= ", add another grep, thus
Code:
/bin/grep "$CUR_DATE" /var/log/secure | grep -i failure | grep -vi 'rhost= ' | awk '{ print $1, $2" ", $3" ",$14" ", $15 }' >> /tmp/failed-logins.txt
If you want awk to not print 'rhost=' when it occurs, but to show the rest of the values from that line, you would test for it and use a different print command in each case.
Code:
# Drop the empty rhost= field from the output, but keep the rest of the line
awk '{ if ($14 == "rhost=") print $1, $2" ", $3" ", $15; else print $1, $2" ", $3" ",$14" ", $15 }'
 
Old 10-05-2012, 11:25 AM   #3
senthilprasath
LQ Newbie
 
Registered: Oct 2012
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks.

It's working.
 
Old 10-07-2012, 06:01 PM   #4
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

Rep: Reputation: 1957
Please use [code][/code] tags around your code and data, to preserve the original formatting and to improve readability. Do not use quote tags, bolding, colors, "start/end" lines, or other creative techniques.


Actually, you usually shouldn't be using grep in combination with awk at all. There's no real need for it. awk is powerful enough to replicate pretty much everything grep/cut/sed can do.

Code:
awk '/failure/ && $14 != "rhost=" { print $1 , $2 , $3 , $14 , $15 }'
The only thing from the above posts that's a bit trickier is making case-insensitive matches. awk doesn't have an option like grep's "-i". See here for how to handle that:
http://www.gnu.org/software/gawk/man...nsitivity.html

But then again, it doesn't look like there's anything in the log file that requires it anyway.

Here are a few useful awk references:
http://www.grymoire.com/Unix/Awk.html
http://www.gnu.org/software/gawk/man...ode/index.html
http://www.pement.org/awk/awk1line.txt
http://www.catonmat.net/blog/awk-one...ined-part-one/
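Added example, not part of any post in this thread: the commands above pick `rhost=` and `user=` by position ($14, $15), which only holds while every pam_unix line has the same number of fields. The sketch below looks the keys up by name instead and drops records whose `rhost=` is empty; the function names are made up here, the first two sample lines are the ones from the thread, and the last two are constructed (the third assumes a failure line logged without a `user=` field).

```shell
#!/bin/sh
# Sample input in /var/log/secure format. Lines 1-2 are from the thread;
# lines 3-4 are constructed for illustration.
sample_log() {
cat <<'EOF'
Oct 4 09:55:31 dcvlodbdev su: pam_unix(su-l:auth): authentication failure; logname=oratest uid=501 euid=0 tty=pts/1 ruser=oratest rhost= user=one
Oct 4 10:56:06 dcvlodbdev sshd[9131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.201.23 user=oratest
Oct 4 10:57:12 dcvlodbdev sshd[9140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.16.201.23
Oct 4 10:58:40 dcvlodbdev sshd[9152]: Accepted password for oratest from 172.16.201.23 port 51514 ssh2
EOF
}

# remote_failures (hypothetical name): read log lines on stdin and print
# "month day time rhost=... user=..." for pam_unix authentication failures
# that carry a non-empty rhost= value.
remote_failures() {
    awk '
    /pam_unix\(.*authentication failure/ {
        rhost = ""; user = "-"          # "-" marks a missing user= field
        for (i = 1; i <= NF; i++) {     # find key=value pairs by name
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            if (key == "rhost") rhost = val
            else if (key == "user") user = val
        }
        # Local failures (su, console) have an empty rhost= and are skipped.
        if (rhost != "") print $1, $2, $3, "rhost=" rhost, "user=" user
    }'
}

# failures_per_rhost (hypothetical name): count remote failures per source
# host, highest count first.
failures_per_rhost() {
    remote_failures | awk '{ n[$4]++ } END { for (h in n) print n[h], h }' | sort -rn
}

sample_log | remote_failures
```

On a real system, replace `sample_log` with the log itself, for example `remote_failures < /var/log/secure`.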
 
  

