LinuxQuestions.org
Old 01-09-2007, 04:09 PM   #1
globemast
LQ Newbie
 
Registered: Jun 2006
Distribution: Ubuntu 7.10
Posts: 15

Rep: Reputation: 0
Help on parsing a log file in BASH


Hello,

I have a log file created from iptables, which tracks NAT'd connections on my network.


gre 47 431990 timeout=600, stream_timeout=432000 src=192.168.4.231 dst=x.x.x.x srckey=0x0 dstkey=0xc3e7 packets=15665 bytes=1433523 src=x.x.x.x dst=10.104.12.43 srckey=0xc3e7 dstkey=0x595 packets=18604 bytes=6852134 [ASSURED] use=1 rate=70 mark=0


The above line is an example of a line from the log file for a GRE connection.

Is it possible to help me parse such a line in a BASH shell in order to receive the source IP and destination IP in two variables, $SRC and $DEST?

Thank you in advance.
 
Old 01-09-2007, 04:34 PM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
I would do the following:
Code:
DEST=$(echo "$LINE" | sed -e 's/ /\n/g' | grep 'dst=\([0-9]\{1,3\}[.]\)\{3,3\}[0-9]\{1,3\}' | sed -e 's/dst=//');
SRC=$(echo "$LINE" | sed -e 's/ /\n/g' | grep 'src=\([0-9]\{1,3\}[.]\)\{3,3\}[0-9]\{1,3\}' | sed -e 's/src=//');
Not the best performance possible, though. Maybe awk will do better. By the way, are addresses with x.x.x.x always in the middle? If yes, then a better script is possible.
 
Old 01-10-2007, 02:19 AM   #3
globemast
LQ Newbie
 
Registered: Jun 2006
Distribution: Ubuntu 7.10
Posts: 15

Original Poster
Rep: Reputation: 0
Hi, yes, there are two address fields one next to the other... Basically I substituted the second IP address with x.x.x.x because a public IP was shown there.
 
Old 01-10-2007, 02:33 AM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
Then which of the two src's and which of the two destinations do you need?
 
Old 01-11-2007, 02:19 AM   #5
globemast
LQ Newbie
 
Registered: Jun 2006
Distribution: Ubuntu 7.10
Posts: 15

Original Poster
Rep: Reputation: 0
The two first src and dest are needed.
 
Old 01-11-2007, 02:56 AM   #6
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
Code:
head=${LINE%% srckey=*}
mid=${head##*stream_timeout=}
mid=${mid#* }
SRC=${mid% dst=*}
DEST=${mid#* }
SRC=${SRC#src=}
DEST=${DEST#dst=}
 
  

