awk or any other command to pick up value next to matching?

Hi there,

My logs are coming in this format and I need to pickup the value associated with/or after "Destination DNS Hostname". Can someone please shed some light and help me on this?

Thanks and Regards,
Blason R

11:00:45 prevent 10.10.3.1 >lo session_id:{0x5c47eb62,0x38,0x10310ac,0xc0000001};Suppressed logs:40;sent_bytes:0;received_bytes:0;severity:4;log_id:2;src:192.168.100.199;dst:10.10.3.44;proto:t cp;Protection name:Andromeda.TC.co;description:Connection to DNS trap bogus IP. See sk74060 for more information.;Source OS:Windows;Confidence Level:3;malware_action:Communication with C&C site;Protection TypeNS Trap;malware_rule_id:{00000092-002C-0048-8719-E4CB04A2BCA8};Destination DNS Hostname:amnsreiuojy.ru;protection_id:00466580E;scope:192.168.100.199;product:Anti Malware;service:80;s_port:52478

Tried multiple Tricks with awk but nothing worked

grep -o "Destination DNS Hostname"


sed '/Hostname/s/.*Hostname \([^ ][^ ]*\)[ ]*.*/\1/'


fixed_string=Hostname
awk -F '${fixed_string}' '{print $2}' file | awk '{print $1}'

you need to write a regexp to look for what you need. You can implement it in awk/grep/sed/perl/python/whatever you like.

Code:

grep -o -P '(?<=Destination DNS Hostname:)[^;]*'
awk ' BEGIN { RS=";"; FS=":" } /Destination DNS Hostname/ { print $2 }'
sed -n '/Destination DNS Hostname/{s/.*Destination DNS Hostname://;s/;.*//;p}'

It sounds like you are trying something like this:

Code:

awk -F ';' '/Destination DNS Hostname/{sub(/^[^:]+:/,"",$17);print $17;}' /some/file.log

# or

awk -F ';' '$17~/^Destination DNS Hostname/{sub(/^[^:]+:/,"",$17);print $17;}' /some/file.log

Quote:

Originally Posted by pan64 Code: sed -n '/Destination DNS Hostname/{s/.*Destination DNS Hostname://;s/;.*//;p}'

"Destination DNS Hostname" is redundant here
Anyway, you can simplify your command with:

Code:

sed -En 's/.*Destination DNS Hostname:([^;]+).*/\1/p'