text manipulating ... the more efficient way to grab a string
what's the most efficient way to grab B39391FF67D from this line when i grep a file?
Code:
Oct 31 14:06:04 mailserver02 postfix/smtp[6737]: B39391FF67D: to=<spamyamy@yahoo.com>, relay=hostname.filter[123.123.123.123]:25, delay=1.9, delays=0.06/0/0.45/1.4, dsn=2.0.0, status=sent (250 Thanks)
my method is
Code:
grep -i spam /var/log/maillog | grep "Oct 31 14" | awk '{print $6}' | sed -e 's/://' |
I don't see anything wrong with what you are doing,.. but if you want a smaller command:
Code:
grep -i spam /var/log/maillog | grep "Oct 31 14" | cut -d ":" -f4 |
ah maybe that was a bad example, but there are instances where i have all three awk/cut/sed in the same line and i'm not sure if there's a better way to extract what i need.
let me gather up a better example. |
oh i just noticed with your cut -f 4 -d ":" command, that gives me a space in front of my number and i still have to use sed to remove it ...
is that correct? |
I would use your original command. It's nice.
Do you have any reason for looking to tune this? Usually we only do that if we have to search billions of records and such. |
It seems you want to have 2 search criteria: spam and Oct 31 14. If both are found you want the B39391FF67D string.
Assuming that the layout of such a line is always the same (i.e. $6 is always the wanted field), have a look at this:
Code:
awk '/Oct 31 14/ && /spam/ { gsub(/:/,"") ; print $6 }' /var/log/maillog
Code:
awk 'BEGIN{IGNORECASE=1}/oCt 31 14/ && /SpAm/ { gsub(/:/,"") ; print $6 }' /var/log/maillog |
well i have a script that run every hour to grep our maillog for a certain entry, and if that entry is present, do a few other things then email out an alert.
i know it's not too resource intense, but i like to minimize every little thing i can so all these little "resource grabbers" don't grow into something that would cause a headache later. |
Consider:
Code:
awk -F":" '{print $4}' |
for example, i want this line
Oct 31 14:34:17 mailserver02 postfix/smtp[7009]: 3C9341FF9D8: to=<spamyamy@yahoo.com>, relay=outbounds8.obsmtp.com[64.18.7.12]:25, delay=4.5, delays=0.08/0/0.46/3.9, dsn=2.0.0, status=sent (250 Thanks)
to only come back with 3C9341FF9D8 to=spamyamy@yahoo.com and how i get that stripped down is rather ugly, and i'm not sure it's necessary. here is how i get it:
Code:
grep $MAILID /var/log/maillog | egrep "from=|to=" | egrep -v "osj" | awk '{print $6,$7}' | sed -e 's/,//g' | sed -e 's/://g' | sed -e 's/>//g' | sed -e 's/<//g';done |
Quote:
Code:
awk -F\: '/^Oct 31 14.*spam.*/{gsub(/ /,"",$4);print $4}' /var/log/maillog
Code:
grep "Oct 31 14.*spam.*" /var/log/maillog | cut -d\: -f4 | sed 's/ //'
to 'feed' awk,
Code:
Date="Oct 31"
Code:
#!/bin/bash
or, this form
Code:
GetSpamID () { |
Quote:
Code:
awk '/Oct 31 14/ && /spam/ { gsub(/[:,<>]/,"") ; print $6, $7 }' /var/log/maillog |
What a really Great Question!
my insanity is apparent when I grep this | grep -v that | cut -d | sed what a mess. |
Alrighty,.. well, no one has mentioned python yet,..
Code:
import re |
With this InFile ...
Code:
Oct 30 14:34:17 mailserver02 postfix/smtp[7009]: 3C9341FF9D8: to=<bogus@yahoo.com>, relay=outbounds8.obsmtp.com[64.18.7.12]:25, delay=4.5, delays=0.08/0/0.46/3.9, dsn=2.0.0, status=sent (250 Thanks)
Code:
awk 'BEGIN{FS=":|,"} /^Oct 31 14/ {print $4$5}' $InFile >$OutFile
Code:
3C9341FF9D8 to=<spamyamy@yahoo.com> |
man you guys are absolutely amazing ... all these different ways to get the same result and teaches me something as well.
you rock ... thank you. |
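The single-pass awk approach suggested in the thread, as an added example that is not any poster's code: it tests the pattern against the `to=` address only, so a match elsewhere in the line (a relay hostname, a status message) does not fire the hourly alert, and it strips the punctuation without chained sed calls. The function names and the log lines marked constructed are assumptions, and the traditional syslog layout (`$5` the daemon, `$6` the queue ID) is assumed as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The first two log lines are the thread's own; lines 3-6 are constructed.

sample_log() {
cat <<'EOF'
Oct 31 14:06:04 mailserver02 postfix/smtp[6737]: B39391FF67D: to=<spamyamy@yahoo.com>, relay=hostname.filter[123.123.123.123]:25, delay=1.9, delays=0.06/0/0.45/1.4, dsn=2.0.0, status=sent (250 Thanks)
Oct 31 14:34:17 mailserver02 postfix/smtp[7009]: 3C9341FF9D8: to=<spamyamy@yahoo.com>, relay=outbounds8.obsmtp.com[64.18.7.12]:25, delay=4.5, delays=0.08/0/0.46/3.9, dsn=2.0.0, status=sent (250 Thanks)
Oct 31 14:40:00 mailserver02 postfix/smtp[7100]: A1B2C3D4E5F: to=<alice@example.com>, relay=antispam.example.net[192.0.2.10]:25, delay=1, dsn=2.0.0, status=sent (250 Thanks)
Oct 31 14:41:00 mailserver02 postfix/smtp[7101]: 0F0F0F0F0F0: to=<SpamTrap@Example.org>, relay=mx.example.org[192.0.2.20]:25, delay=1, dsn=2.0.0, status=sent (250 Thanks)
Oct 30 14:34:17 mailserver02 postfix/smtp[7009]: 5E5E5E5E5E5: to=<spamyamy@yahoo.com>, relay=mx.example.org[192.0.2.20]:25, delay=1, dsn=2.0.0, status=sent (250 Thanks)
Oct 31 14:42:00 mailserver02 postfix/qmgr[900]: 1A2B3C4D5E6: from=<spam@example.net>, size=1200, nrcpt=1 (queue active)
EOF
}

# rcpt_queue_ids WHEN NEEDLE [FILE]: print "QUEUEID to=ADDRESS" for delivery
# lines whose timestamp starts with WHEN and whose recipient contains NEEDLE.
# Values are passed through the environment so awk does not expand
# backslash escapes in them, as it would with -v.
rcpt_queue_ids() {
    WHEN="$1" NEEDLE="$2" awk '
    BEGIN { when = ENVIRON["WHEN"]; needle = tolower(ENVIRON["NEEDLE"]) }
    index($0, when) != 1 { next }        # timestamp must start the line
    $5 !~ /^postfix\// { next }          # only Postfix daemons
    {
        qid = $6; sub(/:$/, "", qid)     # strip only the trailing colon
        rcpt = ""
        for (i = 7; i <= NF; i++)        # find to=<...> wherever it sits
            if ($i ~ /^to=</) { rcpt = $i; break }
        if (rcpt == "") next             # from= lines, warnings, connects
        sub(/^to=</, "", rcpt); sub(/>,?$/, "", rcpt)
        # Literal, case-insensitive test on the address only (portable:
        # tolower() instead of the gawk-only IGNORECASE).
        if (index(tolower(rcpt), needle)) print qid, "to=" rcpt
    }' "${3:--}"
}

sample_log | rcpt_queue_ids "Oct 31 14" spam
```

Against a real log the third argument is the file, for example `rcpt_queue_ids "Oct 31 14" spam /var/log/maillog`.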