LinuxQuestions.org


globemast 01-09-2007 03:09 PM

Help on parsing a log file in BASH
 
Hello,

I have a log file created from iptables, which tracks NAT'd connections on my network.


gre 47 431990 timeout=600, stream_timeout=432000 src=192.168.4.231 dst=x.x.x.x srckey=0x0 dstkey=0xc3e7 packets=15665 bytes=1433523 src=x.x.x.x dst=10.104.12.43 srckey=0xc3e7 dstkey=0x595 packets=18604 bytes=6852134 [ASSURED] use=1 rate=70 mark=0


The above line is an example of a line from the log file for a GRE connection.

Is it possible to help me parse such a line in a BASH shell in order to receive the source IP and destination IP in two variables, $SRC and $DEST?

Thank you in advance.

raskin 01-09-2007 03:34 PM

I would do the following:
Code:

DEST=$(echo "$LINE" | sed -e 's/ /\n/g' | grep 'dst=\([0-9]\{1,3\}[.]\)\{3,3\}[0-9]\{1,3\}' | sed -e 's/dst=//');
SRC=$(echo "$LINE" | sed -e 's/ /\n/g' | grep 'src=\([0-9]\{1,3\}[.]\)\{3,3\}[0-9]\{1,3\}' | sed -e 's/src=//');

Not the best performance possible, though. Maybe awk will do better. By the way, are addresses with x.x.x.x always in the middle? If yes, then a better script is possible.

globemast 01-10-2007 01:19 AM

Hi, yes, there are two address fields, one next to the other... Basically I substituted the second IP address with x.x.x.x because a public IP was shown there.

raskin 01-10-2007 01:33 AM

Then which of two src's and which of two destinations do you need?

globemast 01-11-2007 01:19 AM

The two first src and dest are needed.

raskin 01-11-2007 01:56 AM

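Code:

# Drop everything from the first " srckey=" onward (end of the first tuple)
head=${LINE%% srckey=*}
# Drop everything up to and including "stream_timeout="
mid=${head##*stream_timeout=}
# Drop the timeout value itself, leaving "src=... dst=..."
mid=${mid#* }
SRC=${mid% dst=*}
DEST=${mid#* }
# Strip the "src=" and "dst=" prefixes
SRC=${SRC#src=}
DEST=${DEST#dst=}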
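
Added example, not part of the thread: the snippet above relies on the stream_timeout= and srckey= fields of the GRE entry, so this sketch goes a step further and takes the first src=/dst= pair of an entry by token, whatever the protocol, and refuses values that are not valid IPv4 addresses (such as the redacted x.x.x.x). The function names is_ipv4 and parse_conntrack and the TCP sample line are constructed for illustration.

```bash
# Added example (not from the thread). Uses only POSIX shell features, so it
# also runs unchanged in bash.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0..255.
# The body runs in a subshell so the IFS change cannot leak to the caller.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ -n "$o" ] && [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Sets SRC and DEST from the first src= and dst= tokens of the entry in $1.
# Returns 1 with both empty if either is missing or not a valid IPv4 address,
# so a truncated or redacted entry is never half-parsed.
parse_conntrack() {
    SRC= DEST= _src= _dst=
    set -f          # no globbing while splitting: "[ASSURED]" is a glob pattern
    for _tok in $1; do
        case $_tok in
            src=*) [ -n "$_src" ] || _src=$_tok ;;   # keep the first one only
            dst=*) [ -n "$_dst" ] || _dst=$_tok ;;
        esac
    done
    set +f
    _src=${_src#src=} _dst=${_dst#dst=}
    is_ipv4 "$_src" && is_ipv4 "$_dst" || return 1
    SRC=$_src DEST=$_dst
}

# Constructed sample entry (documentation addresses, not real traffic).
SAMPLE='tcp 6 431999 ESTABLISHED src=192.168.4.10 dst=198.51.100.20 sport=51514 dport=443 src=198.51.100.20 dst=10.104.12.43 sport=443 dport=51514 [ASSURED] use=1'
if parse_conntrack "$SAMPLE"; then
    printf 'SRC=%s DEST=%s\n' "$SRC" "$DEST"
fi
```

Check the return status before using $SRC and $DEST, for example before writing them into a firewall rule or a report.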

