Code:
$ sudo tail -f /var/log/messages | grep LOGPREFIX | awk '{print $11}'
I am watching some iptables logging and want to filter it.
I want to look for any strings containing LOGPREFIX and then print the 11th column.
However, when I run the above, it sits there without printing anything. Removing the awk command causes it to display the output. Removing the -f (to actively follow it) causes it to work with the awk command.
Is there a limitation in tail to prevent more than one filtering program when using -f, or am I writing it wrong?
My output:
Code:
$ sudo tail -f /var/log/messages | grep LOGPREFIX
Jul 1 20:14:25 HOSTNAME kernel: [1245137.142033] LOGPREFIX IN=eth1 OUT= MAC=macaddress SRC=source_ip DST=dest_ip LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=59154 DF PROTO=TCP SPT=43935 DPT=7778 WINDOW=29200 RES=0x00 SYN URGP=0
Jul 1 20:14:25 HOSTNAME kernel: [1245137.142033] LOGPREFIX IN=eth1 OUT= MAC=macaddress SRC=source_ip DST=dest_ip LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=59154 DF PROTO=TCP SPT=43935 DPT=7778 WINDOW=29200 RES=0x00 SYN URGP=0
...
Code:
$ sudo tail -f /var/log/messages | grep LOGPREFIX | awk '{print $11}'
_ (no output)
Code:
$ sudo tail /var/log/messages | grep LOGPREFIX | awk '{print $11}'
SRC=dest_ip
SRC=dest_ip
...
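
Added example, not part of the original post: when grep writes to a pipe instead of a terminal it block-buffers its output, so awk sees nothing until that buffer fills. The sketch below does the match and the extraction in a single awk process that flushes after every line, and finds SRC= by key instead of by column number. The function names `extract_src` and `sample_lines` are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: pull the SRC= field out of iptables LOG lines with one awk
# process that flushes after every line, so it keeps up with `tail -f`.

# extract_src PREFIX: read syslog lines on stdin and print the SRC=... field
# of every line that contains PREFIX. The field is located by key, not by
# position, so a padded kernel timestamp ("[   12.345678]") does not shift it.
extract_src() {
    awk -v prefix="$1" '
        index($0, prefix) {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) {
                    print $i
                    fflush()    # push each result out immediately
                    break
                }
            }
        }'
}

# Constructed sample lines (addresses taken from the documentation ranges).
sample_lines() {
    cat <<'EOF'
Jul 1 20:14:25 HOSTNAME kernel: [1245137.142033] LOGPREFIX IN=eth1 OUT= MAC=macaddress SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=43935 DPT=7778
Jul 1 20:14:26 HOSTNAME kernel: [   12.345678] LOGPREFIX IN=eth1 OUT= MAC=macaddress SRC=192.0.2.11 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=43936 DPT=7778
Jul 1 20:14:27 HOSTNAME sshd[123]: unrelated line
EOF
}

# Offline demonstration on the constructed lines.
sample_lines | extract_src LOGPREFIX

# Live use, as in the post:
#   sudo tail -f /var/log/messages | extract_src LOGPREFIX
# Keeping grep in the pipeline instead needs its --line-buffered option:
#   sudo tail -f /var/log/messages | grep --line-buffered LOGPREFIX | awk '{print $11}'
```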