LinuxQuestions.org


kriezo 02-21-2008 04:12 AM

[bash] how to put nslookup result next to ip in file
 
Hi guys..
I just made a stat file from my maillog to get all the IPs and make them unique to find spam patterns, and piped it out to a file ips.txt like this:
Code:

    718    718 xx.xx.xx.xx
    371    371 xxx.xxx.xx.xxx
    327    327 xxx.xx.xx.xxx

where 718, 371, 327 are the total connections made by x IPs. Anyway, now I want to do an nslookup on each IP. I just found the script here:

Code:

while read IP ; do

        LOOKUP_RES=$(nslookup $IP | sed -n 's/.*arpa.*name = \(.*\)/\1/p')
        test -z "$LOOKUP_RES" && LOOKUP_RES="Failed"

        echo -e "$IP\t$LOOKUP_RES"

done < ips.txt

I tried to enhance the script so that the nslookup result is put next to the IP in a new file or in the ips.txt file (doesn't matter), but failed.

Somebody please help me here..

jschiwal 02-21-2008 04:32 AM

You could use : while read num1 num2 IP; do
...
done <ip.txt

This will get rid of the numbers before the IP.

For the sed command, select a line that has /arpa/ in it:
sed -n '/arpa/s/.*arpa.*name = \(.*\)/\1/p'

You might want to add some error correction before the nslookup command. If IP were empty, nslookup would enter the interactive mode.

Put the echo arguments in double quotes.

kriezo 02-21-2008 05:07 AM

Thanks jschiwal,
but how can I write or print that result beside the IP?
Can you show me the way?

jschiwal 02-21-2008 05:38 AM

This line: echo -e "$IP\t$LOOKUP_RES" prints both the IP address and the FQDN. Or do you want the number from your original list printed also?

echo -e "$num1\t$IP\t$LOOKUP_RES"

jschiwal 02-21-2008 10:56 PM

Maybe I misunderstood what you are asking. Here is a sample iplist.txt file, the modified program and the output. One thing I don't understand is why the number before the IP is listed twice in the input file, or if they represent different values. I didn't reference num2 in the output, but I read it in simply to get the IP address into the $IP variable. If you want a different output, use a better sample and post what the output should look like given that sample.

Code:

jschiwal@hpmedia:~> cat iplist.txt
100 100 75.126.6.188
101 101 64.233.167.104
102 102 75.126.6.188

Code:

jschiwal@hpmedia:~> cat getfq
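# num2 is read only so that the third field ends up in IP
while read -r num1 num2 IP; do
        # quote the value so it reaches nslookup as a single argument
        LOOKUP_RES=$(nslookup "$IP" | sed -n '/arpa/s/.*arpa.*name = \(.*\)/\1/p')

        # no PTR name in the reply: mark the entry as failed
        test -z "$LOOKUP_RES" && LOOKUP_RES="Failed"

        echo -e "$num1\t$IP\t$LOOKUP_RES"
done < iplist.txt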

Code:

jschiwal@hpmedia:~> ./getfq
100    75.126.6.188    twit.tv.
101    64.233.167.104  py-in-f104.google.com.
102    75.126.6.188    twit.tv.


kriezo 02-25-2008 12:48 AM

Thank you again jschiwal.
I used the code exactly as you gave it before and it works. The reason why the total appears twice is that first I piped out all the IPs into a file, then I sorted it into another file using | uniq -c, and then I sorted the 2nd file using sort file | uniq -c | sort -nr to sort it by decreasing total unique IP number..

All seems fine now, except if I want to get the total unique IPs until 50 and leave all total IPs below that; can you help me out with the script? I've tried but it doesn't work..
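
An added example, not part of the thread: a variant of the getfq loop that checks each field before it is handed to nslookup (the empty-IP case mentioned above) and keeps only entries whose count is at least a given minimum, which is one reading of the last question. The function names, the RESOLVER hook and the "Invalid" marker are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread). Fields come from a mail log, so they
# are checked before being passed to nslookup as an argument.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reverse lookup with the sed filter used in the thread; first PTR name only.
resolve_ptr() {
    nslookup "$1" 2>/dev/null |
        sed -n '/arpa/s/.*arpa.*name = \(.*\)/\1/p' | head -n 1
}

# Read "count count ip" lines on stdin and print "count<TAB>ip<TAB>name" for
# entries seen at least $1 times. RESOLVER is a hypothetical hook that lets a
# stub replace resolve_ptr when there is no network.
annotate_ips() {
    min=${1:-1}
    while read -r count dup ip rest; do
        case $count in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$count" -ge "$min" ] || continue
        if is_ipv4 "$ip"; then
            # </dev/null keeps the resolver from reading the rest of the list
            name=$("${RESOLVER:-resolve_ptr}" "$ip" </dev/null)
            [ -n "$name" ] || name=Failed
        else
            name=Invalid                               # never reaches nslookup
        fi
        # printf '%s' prints the DNS-supplied name literally (no \-escapes)
        printf '%s\t%s\t%s\n' "$count" "$ip" "$name"
    done
}

# Usage: annotate_ips 50 < ips.txt > ips_named.txt
```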

