Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
10-14-2009, 10:01 AM
|
#1
|
Member
Registered: Oct 2009
Distribution: Windows10 Linux Mint NST Kali CentOS
Posts: 203
Rep:
|
Simple Code to convert a field in the same file
Hi, I want to change/convert one field that is in a line of text(about 10 fields in a line) So in this line
'Mop-21050905','auth','info','info','26','2009-10-09 12:45:11','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
I want to replace the datetime field '2009-10-09 12:45:11' with UTC '1255088707' e.g.
'Mop-21050905','auth','info','info','26','1255088707','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
Would this command work? Also I would need to change multiple lines in the same way.
sed -e 's/.*'//' | date -d "XXX" +%s filename
I think these commands might do it but they are not correct
Any suggestions?
Last edited by shayno90; 10-14-2009 at 10:11 AM.
|
|
|
10-14-2009, 11:12 AM
|
#2
|
Member
Registered: Apr 2009
Distribution: slackware64-15.0
Posts: 546
Rep:
|
I ran a quick test with this.
First I wrote this script:
Code:
#!/bin/sh
cat > input.txt <<EOF
'Mop-21050905','auth','info','info','26','2009-10-09 12:45:11','snort','snort[45
74]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {I
CMP} 208.67.220.220 -> 95.224.96.106',8764647
'Mop-21050904','auth','info','info','26','2009-10-07 11:45:11','snort','snort[45
74]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {I
CMP} 208.67.220.220 -> 95.224.96.106',8764647
EOF
cat input.txt
echo '-----------------'
UTC=1255088707
cmd="sed 's/[0-9]\{4,4\}-[0-9]\{2,2\}-[0-9]\{2,2\} [0-9]\{2,2\}:[0-9]\{2,2\}:[0-
9]\{2,2\}/$UTC/g' input.txt"
eval "$cmd"
made the script (bogus.sh) executable then ran it:
Code:
$ ./bogus.sh
'Mop-21050905','auth','info','info','26','2009-10-09 12:45:11','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
'Mop-21050904','auth','info','info','26','2009-10-07 11:45:11','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
-----------------
'Mop-21050905','auth','info','info','26','1255088707','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
'Mop-21050904','auth','info','info','26','1255088707','snort','snort[4574]: [1:408:5] ICMP Echo Reply [Classification: Misc activity] [Priority: 3]: {ICMP} 208.67.220.220 -> 95.224.96.106',8764647
If you want the file to be replaced replace
Code:
cmd="sed 's/..... input.txt"
with
Code:
cmd="sed -i 's/..... input.txt"
|
|
|
10-14-2009, 12:16 PM
|
#3
|
Member
Registered: Oct 2009
Distribution: Windows10 Linux Mint NST Kali CentOS
Posts: 203
Original Poster
Rep:
|
Well I have a specific command to change the datetime to UTC, those integers I provided were an example of how it should be converted.
I think this code may work but needs some improvement
filename | awk -F"/" '{ split($NF,tmp,"'"); print tmp[6] }' `
|
|
|
10-14-2009, 02:58 PM
|
#4
|
Member
Registered: Apr 2009
Distribution: slackware64-15.0
Posts: 546
Rep:
|
Quote:
Well I have a specific command to change the datetime to UTC, those integers I provided were an example of how it should be converted.
|
I figured that. That's why I stored it in a variable in
the shell script. All you have to do is
replace the line
with that line
Code:
UTC=$(your command here)
where you write your command inside the parenthesis
|
|
|
10-15-2009, 07:42 AM
|
#5
|
Member
Registered: Oct 2009
Distribution: Windows10 Linux Mint NST Kali CentOS
Posts: 203
Original Poster
Rep:
|
Hi vonbiber, i am having trouble running the command
1st not sure how to run ./ bogus.sh, do u remove #!/bin/sh first
2nd think my date command is not been read properly, (maybe can't field to change)--> problem with "XXX" maybe
3rd you replace input.txt with your filename
4th i went to the bottom of my text document and copied the last line so the EOF would stop there
This is what I ran
#!/bin/sh
./ bogus.sh
cat > filename <<EOF
'Mop-21050905','auth','info','info','26','2009-10-09 12:45:20','snort','snort[4574]: [1:2050:14] SQL version overflow attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {UDP} 202.103.9.51:1096 -> 95.224.96.106:1434',8764657
EOF
cat filename
echo '-----------------'
UTC=$(date -d "XXX" +%s)
cmd="sed 's/[0-9]\{4,4\}-[0-9]\{2,2\}-[0-9]\{2,2\} [0-9]\{2,2\}:[0-9]\{2,2\}:[0-
9]\{2,2\}/$UTC/g' filename"
eval "$cmd"
Sorry I don't understand, it is difficult to make the changes when I can't understand some code
|
|
|
10-15-2009, 08:33 PM
|
#6
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,415
|
bogus.sh is the name he made up for the test script he wrote; a replacement for yours.
|
|
|
10-16-2009, 04:36 AM
|
#7
|
Member
Registered: Apr 2009
Distribution: slackware64-15.0
Posts: 546
Rep:
|
If you have already a file to read from, copy and paste
the code below to a file that you name whatever you like
(eg bogus.sh) and make executable (chmod +x bogus.sh)
Code:
#!/bin/sh
if [ -z "$1" ]; then
exit 1
fi
if [ ! -e "$1" ]; then
exit 1
fi
INPUT="$1"
UTC=$(date --utc +%s)
cmd="sed 's/[0-9]\{4,4\}-[0-9]\{2,2\}-[0-9]\{2,2\} [0-9]\{2,2\}:[0-9]\{2,2\}:[0-
9]\{2,2\}/$UTC/g' $INPUT"
eval "$cmd"
then you run like this (replace bogus.sh by the name you
gave to your script shell and replace filename by the actual
name of the file you're reading from)
Code:
./bogus.sh filename
some comments
Code:
UTC=$(date --utc +%s)
This stores the date in UTC format in the variable UTC.
It can be retrieved by invoking its value $UTC.
This writes the replacement command to apply to the input file
This executes the command written above.
|
|
|
All times are GMT -5. The time now is 08:07 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|