using sed to remove all but ip addresses
I am trying to extract out a list of ip addresses from a firewall log, with one ip on a line. So far I have come up with this:
Code:
cat log.txt > sed 's/^.*[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}.[0-9]\{1,3\}//g'
but that's not working. If someone could help me, I would be very grateful. Thanks.
Include a little snippet of your log file so everybody is on the same page.
Ken
Ok, thanks, here goes:
Code:
Jul 1 12:35:01 puffy pf: Jul 01 12:32:24.830687 rule 0/(match) block in on sis0: 129.42.58.103.80 > 111.22.33.44.64702: F 0:0(0) ack 1 win 8190 [tos 0x60]
Code:
awk '{print $15}' /path/to/logfile | awk -F. '{print $1"."$2"."$3"."$4}'
That works great, thanks frob23!
There's no need to use awk 2 times.
Code:
|
Hi,
Or, using multiple field separators:
Code:
awk -F"[ .]" '{ print $17"."$18"."$19"."$20 }' infile
Nice answers, but I'm inclined to parse for known data rather than rely on position.
Ya never know when the format will change ... As always, each to their own - I'd probably do it in perl.
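An added example (not from any poster in this thread) of the "parse for known data" approach suggested above: it finds the `>` between source and destination instead of counting fields, validates the octets, and treats the trailing port as optional. The function names are hypothetical, and every sample line except the first, which was posted in the thread, is constructed.

```shell
# Added example, not code from the thread. Assumes pf/tcpdump-style lines of
# the form "src[.port] > dst[.port]:" as in the sample posted above.
sample_log() {   # constructed sample; only the first line comes from the thread
cat <<'EOF'
Jul 1 12:35:01 puffy pf: Jul 01 12:32:24.830687 rule 0/(match) block in on sis0: 129.42.58.103.80 > 111.22.33.44.64702: F 0:0(0) ack 1 win 8190 [tos 0x60]
Jul 1 12:36:10 puffy pf: Jul 01 12:33:30.120001 rule 0/(match) block in on sis0: 198.51.100.7.4431 > 111.22.33.44.22: S 1:1(0) win 65535
Jul 1 12:36:11 puffy pf: Jul 01 12:33:31.220002 rule 0/(match) block in on sis0: 198.51.100.7.4432 > 111.22.33.44.23: S 1:1(0) win 65535
Jul 1 12:37:00 puffy pf: Jul 01 12:34:20.000003 rule 0/(match) block in on sis0: 999.1.2.3.80 > 111.22.33.44.80: S 1:1(0) win 512
Jul 1 12:38:00 puffy newsyslog[123]: logfile turned over
EOF
}

# Print one address per matching line. $1 selects "src" or "dst"; log on stdin.
extract_ips() {
    awk -v want="$1" '
    function ip_of(tok,   p, n, i) {
        sub(/:$/, "", tok)                    # destination token ends with ":"
        n = split(tok, p, ".")
        if (n != 4 && n != 5) return ""       # four octets plus optional port
        for (i = 1; i <= n; i++)
            if (p[i] !~ /^[0-9]+$/) return "" # every part must be numeric
        for (i = 1; i <= 4; i++)
            if (p[i] + 0 > 255) return ""     # reject impossible octets
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    {
        for (i = 2; i < NF; i++)
            if ($i == ">") {                  # anchor on the separator itself
                tok = (want == "dst") ? $(i + 1) : $(i - 1)
                ip = ip_of(tok)
                if (ip != "") print ip
                break
            }
    }'
}

# Unique source addresses with hit counts, most frequent first.
top_sources() { extract_ips src | sort | uniq -c | sort -rn | awk '{print $2, $1}'; }

sample_log | top_sources
```

Lines that do not contain the `src > dst` shape, such as the syslog rotation message in the sample, are skipped rather than producing a bogus field.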
Well, given the sample input and from what I see, the only place that formatting can change is after the destination IP portion, so we can safely assume fields 1 to 17 are kind of fixed. However, this is only a very small sample though.
Here is a longer sampling:
Code:
Jul 1 23:00:02 puffy pf: Jul 01 22:57:28.831284 rule 0/(match) block in on sis0
Whichever ISP you're with, you'll always get a large amt of hits from within that (ie the ISP's) range.