[SOLVED] Grep challenge!

Nickjpost · 09-04-2013, 05:35 PM

Hello all!

I'm trying to put together a grep command that will search a file (audit.log) for USERNAME=n where n is an unknown string and DATETIME=n n where both n's represent two 3-character values (day and month).

Here's what I have so far:

Code:

grep -ow  "USERNAME=\w\{1,13\}\|DATETIME=\w\{1,3\}" audit.log* > test

And the output looks like this:

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Wed

Obviously I'm getting the day, but the 3-character month (eg Jan, Feb, etc.) should be included to look something like this:

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Wed Aug

Can anyone be so kind as to help me? I've played with the above command quite a bit, but no dice

Bonus if you can help me with the command to show just the month (I'm at a loss there and suspect I'd need to get awk involved...) :

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Aug

sycamorex · 09-04-2013, 05:40 PM

Can you post a sample of the input file?

Nickjpost · 09-04-2013, 05:45 PM

Quote:

Originally Posted by sycamorex

Can you post a sample of the input file?

Thank you so much for your reply!

Here's a sample:

Code:

EVENTID=USER_PROTECTED
DATETIME=Wed Aug 21 12:19:05 EDT 2013
PROTECTED_APP_USERNAME=USTRELA
RESULT=xxxxxxx
SESSION_ID=xxxxxxx
APPLICATION=xxxxxxxx
USERNAME=USTRELA
TYPE=xxxxx

As you can see, the only fields I'm interested in are USERNAME=n and DATETIME=n n

mmhs · 09-04-2013, 05:56 PM

Quote:

Originally Posted by Nickjpost

Hello all!

I'm trying to put together a grep command that will search a file (audit.log) for USERNAME=n where n is an unknown string and DATETIME=n n where both n's represent two 3-character values (day and month).

Here's what I have so far:

Code:

grep -ow  "USERNAME=\w\{1,13\}\|DATETIME=\w\{1,3\}" audit.log* > test

And the output looks like this:

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Wed

Obviously I'm getting the day, but the 3-character month (eg Jan, Feb, etc.) should be included to look something like this:

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Wed Aug

Can anyone be so kind as to help me? I've played with the above command quite a bit, but no dice

Bonus if you can help me with the command to show just the month (I'm at a loss there and suspect I'd need to get awk involved...) :

Code:

audit.log:USERNAME=USTRELA
audit.log:DATETIME=Aug

awk '/^USERNAME|DATETIME/ { print $1" "$2 }' file

sycamorex · 09-04-2013, 06:03 PM

Would that work for you?

Code:

awk  '/DATETIME|^USERNAME/ {print $1, $2 }' file.txt

It's awk, not grep but it seems to do the job.

Nickjpost · 09-04-2013, 10:19 PM

Quote:

Originally Posted by sycamorex

Would that work for you?

Code:

awk  '/DATETIME|^USERNAME/ {print $1, $2 }' file.txt

It's awk, not grep but it seems to do the job.

That did the trick, sycamorex! Hats off to you and mmhs!! I'm terrible with awk, but that seemed so much easier....I guess it's time to pick up an O'Reilly Sed & Awk book, lol