LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-09-2010, 12:52 PM   #1
MaverickApollo
Member
 
Registered: Oct 2003
Distribution: Debian
Posts: 55

Rep: Reputation: 15
sed problems


The problem is that I fail to understand how to use sed

Here is what I'm trying to do.
A file full of iptables log entry like this

Code:
Apr  9 18:32:16 feddesk kernel: IN=eth0 OUT= MAC=00:0c:29:d1:7f:b3:00:1b:2f:75:c4:32:08:00 SRC=128.59.14.106 DST=192.168.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1454 DF PROTO=TCP SPT=56918 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
I need to get the IP address from the src, and write it out to a different file, one ip per line and discard the remainder of the line. I dont seem to be able to understand the sed command, and ask your help with this.

Any help appreciated
 
Old 04-09-2010, 01:15 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 164Reputation: 164
You could use sed... awk... perl... or cut even for this pretty much--

Code:
sed 's/.*SRC=\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/' filename.txt > ip.list
or

Code:
cat log | cut -f10 -d' ' | cut -f2 -d= > ip.list
etc...

Edit: In retrospect a brief explanation--

Code:
sed 's/.*SRC=\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/\1/' filename.txt > ip.list
search for...
anything preceeding "SRC=" group four number sets between 1 and 3 chars long separated by a . followed by anything display the first grouping found, input file: filename.txt, redirect stdout to ip.list

Last edited by rweaver; 04-09-2010 at 02:08 PM.
 
Old 04-09-2010, 01:16 PM   #3
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
What is it that you do not understand?

Here is my favorite SED tutorial:
http://www.grymoire.com/Unix/Sed.html
 
1 members found this post helpful.
Old 04-09-2010, 01:25 PM   #4
indiajoe
Member
 
Registered: Jan 2009
Location: India
Distribution: Porteus atma
Posts: 84

Rep: Reputation: 21
gawk solution

Hi
If you don't mind using gawk the following command should do
Code:
gawk '{print $9}' logfile | cut -b 5- >> IPlist
The the logfile is your log file from which the IP has to be extracted and IPlist where the IPs will we stored.
-Cheers
indiajoe
 
Old 04-09-2010, 04:06 PM   #5
MaverickApollo
Member
 
Registered: Oct 2003
Distribution: Debian
Posts: 55

Original Poster
Rep: Reputation: 15
Thanks all for the help, much appreciated. I'm on the way to getting to grips with it now with these examples and that tutorial.
 
Old 04-10-2010, 01:30 AM   #6
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,530

Rep: Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897Reputation: 2897
(g)awk doesn't require the cut:

Code:
awk '{sub(/SRC=/,"");print $9}' logfile >> IPlist
 
Old 04-10-2010, 02:02 AM   #7
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 15,812

Rep: Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168Reputation: 2168
If you can presume that much, this should work
Code:
sed -n -r 's/.*SRC=([^[:space]]).*/\1/p'

Last edited by syg00; 04-10-2010 at 03:40 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with sed maker10 Programming 3 06-27-2008 01:39 PM
sed RegEx problems InJesus Programming 6 01-12-2007 11:48 AM
SED has problems with Ram rabby Linux - Software 5 02-28-2005 06:46 PM
sed problems icisyd Linux - Software 2 11-19-2004 06:17 PM
weird sed problems C++freak Slackware 5 08-04-2003 04:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration