LinuxQuestions.org - strange pipe behaviour

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - strange pipe behaviour (https://www.linuxquestions.org/questions/linux-newbie-8/strange-pipe-behaviour-246671/)

strange pipe behaviour

hi,

I want to extract IP address from string

Quote:

Oct 24 13:53:13 guliver sshd[29796]: Did not receive identification string from ::ffff:131.211.32.242

This string is from /var/log/secure, and I want to use it with iptables to block IPs that are testing ssh login.

Here is my problem. I'm tail-ing /var/log/secure with command

Quote:

tail -f /var/log/secure | awk '/Did not receive identification string from / {print $12}'

::ffff:211.180.157.251
::ffff:193.77.102.137
...

but when I add sed to remove pattern ::ffff:, output from pipe is empty

Quote:

tail -f /var/log/secure | awk '/Did not receive identification string from / {print $12}' | sed -e s/::ffff://

strange thing is that cat instead tail works perfectly

Quote:

cat /var/log/secure | awk '/Did not receive identification string from / {print $12}' | sed -e s/::ffff://

211.180.157.251
193.77.102.137

Where is the problem?

You might need to escape the colons in order for them to be read properly:
sed -e s/\:\:ffff\://

Another option, if your input is always in this format, is to skip sed and just use awk with a specified field separator (a colon):

Code:

tail -f /var/log/secure | awk -F : '/Did not receive identification string from / {print $NF}'

thanks for tip,
bat that didn't solve my problem

Quote:

tail -f /var/log/secure | awk -F : '/Did not receive identification string from / {print $NF}'

returns IP address, but command

Quote:

tail -f /var/log/secure | awk -F : '/Did not receive identification string from / {print $NF}' >> /path/file

don't write to file...

How about something like this ....

tail /var/log/secure | grep -e "Did not" | awk -F: '{print$4$7}'

Edit: I added the grep part to cut out the stuff you don't need.

try to redirect output of
tail -f /var/log/secure | awk -F : '/Did not receive identification string from / {print $NF}'
to some file
tail -f /var/log/secure | awk -F : '/Did not receive identification string from / {print $NF}' >> /tmp/test

nothing happens, /tmp/test is empty, why?

What is the purpose of "/Did not receive identification string from /"?
I tried it without this, and it seems to work. With that part included, I get no redirect

please read the beginning of the thread

Sorry, but that didn't answer my question. I don't know all uses for awk, so I don't understand why you added the "/Did not.../ " string to the awk command.
It would help a lot in fixing your problem, considering that when the string is removed, the awk and redirect work fine. I'm thinking it's a syntax problem.

So...what are you hoping to achieve by using
awk -F : '/Did not receive identification string from / {print $NF}'
instead of
awk -F : '{print $NF}'
?

I guess the question would be
What exactly do you want the output to look like?

Quote:

Originally posted by mikshaw
Sorry, but that didn't answer my question. I don't know all uses for awk, so I don't understand why you added the "/Did not.../ " string to the awk command.
It would help a lot in fixing your problem, considering that when the string is removed, the awk and redirect work fine. I'm thinking it's a syntax problem.

So...what are you hoping to achieve by using
awk -F : '/Did not receive identification string from / {print $NF}'
instead of
awk -F : '{print $NF}'
?

with awk -F : '/Did not receive identification string from / {print $NF}'
I'm filtering lines with string "Did not receive identification string from"

Ok, I can do that also with grep before awk, but anyway
tail -f /tmp/test | awk -F : '{print $NF}' >> somefile
don't write to somefile

Quote:

I guess the question would be
What exactly do you want the output to look like?

I need to extract IP address from line:
Oct 24 13:53:13 guliver sshd[29796]: Did not receive identification string from ::ffff:131.211.32.242
and then store it to somefile