Bash script for server log (namely var/log/messages)

ghostdog74 · 05-24-2007, 10:07 AM

Code:

#!/bin/sh
awk 'BEGIN{SUBSEP="@"}
 { 
   for (i=1;i<=NF;i++){
      if ($i ~ /SRC/) {
          sub(/^SRC=/,"",$i)
	  ip=$i	  
      }
      else if ($i ~ /DPT/){
          sub(/^DPT=/,"",$i)
	  port=$i
	  array[ip,port]++
      }      
   }
 }
END{
  for ( i in array ){
       n=split(i, s, SUBSEP)
       print s[1] " probed " s[2] " " array[i] " times"
  }
}' "file"

output:

Code:

# ./test1.sh
127.0.0.1 probed 80 1 times
127.0.0.1 probed 984 2 times
10.0.2.15 probed 40390 4 times
10.0.2.15 probed 40414 2 times
127.0.0.1 probed 489 2 times

tenaciousbob · 05-24-2007, 10:17 AM

Thank you thank you thank you!

Works perfectly, and stops me from banging my head against a wall.

Much appreciated!

Im gonna be cheeky now - can i just ask, what does the line 'n=split(i, s, SUBSEP)' do?

Thanks again.

ghostdog74 · 05-24-2007, 10:43 AM

Quote:

Originally Posted by tenaciousbob

Thank you thank you thank you!

Works perfectly, and stops me from banging my head against a wall.

Much appreciated!

Im gonna be cheeky now - can i just ask, what does the line 'n=split(i, s, SUBSEP)' do?

Thanks again.

multidimensional arrays are created using concatenation of string indices. therefore if want to store like array[ip,port] , awk will concat to one string using default separater "\034". however i just chose to use "@" for visibility. when we view the array, they are something like this

Code:

array[127.0.0.1@80]

and use ++ to increment the count for identical ip and port. As for the n=split(i, s, SUBSEP) line, i just want to get back the values of ip and port (stored in s), so i can print your desired output. hope you understand.