extract 3 fields from file
| clhal123 2004-07-13, 8:56 pm |
| What I need to do is pull 3 fields from a file. The first 2 fields are
easy because they are always in the same column. The last field varies in
location. An example of a file is shown below. The fields I would like
to get filtered out, sorted, and piped to another file is the ip address,
hostname, and the OS version (which follows all the open port info).
# nmap (V. 3.00) scan initiated Tue Jul 13 15:02:11 2004 as: nmap -sS -r -O -oG filename 192.168.1.1-5
Host: 192.168.1.1 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 8454 IPID Seq: Incremental
Host: 192.168.1.2 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 17108 IPID Seq: Incremental
Host: 192.168.1.3 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1596) OS: Windows 2000/XP/ME Seq Index: 7153 IPID Seq: Incremental
Host: 192.168.1.4 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595)OS: Windows 2000/XP/ME Seq Index: 4347 IPID Seq: Incremental
Host: 192.168.1.5 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 9675 IPID Seq: Incremental
# Nmap run completed at Tue Jul 13 15:02:33 2004 -- 16 IP addresses (5 hosts up) scanned in 22 seconds
Any help would greatly be appreciated..
Clint
| |
|
| using the first record example input to awk script:
/Host:/{ split($0,z,"Host:|Ports:|Ignored State:|OS:|Seq Index:|Seq:");
for(i in z) {
print "z["i"]="z[i];
}
}
yields:
z[1]=
z[2]= 192.168.1.1 (pcname.domain.org)
z[3]= 135/open/tcp//loc-srv///,139/open/tcp//netbios-ssn///,
z[4]= closed (1595)
z[5]= Windows2000/XP/ME
z[6]= 8454 IPID
z[7]= Incremental
you should be able to pull what you need from array "z"
HTH....
--
pop is Mark
I'm lost. I've gone to look for myself.
If I should return before I get back, keep me here.
--
"clhal123" <cshall@nospam.com> wrote in message
news:d296b5781737ec80d2aacb85ca20f8db@localhost.talkaboutprogramming.com...
> What I need to do is pull 3 fields from a file. The first 2 fields are
> easy because they are always in the same column. The last field varies in
> location. An example of a file is shown below. The fields I would like
> to get filtered out, sorted, and piped to another file is the ip address,
> hostname, and the OS version (which follows all the open port info).
>
> # nmap (V. 3.00) scan initiated Tue Jul 13 15:02:11 2004 as: nmap -sS -r
> -O -oG filename 192.168.1.1-5
> Host: 192.168.1.1 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///,
> 139/open/tcp//netbios-ssn///, Ignored State: closed (1595) OS: Windows
> 2000/XP/ME Seq Index: 8454 IPID Seq: Incremental
> Host: 192.168.1.2 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///,
> 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored
> State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 17108 IPID Seq:
> Incremental
> Host: 192.168.1.3 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///,
> 139/open/tcp//netbios-ssn///, Ignored State: closed (1596) OS: Windows
> 2000/XP/ME Seq Index: 7153 IPID Seq: Incremental
> Host: 192.168.1.4 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///,
> 139/open/tcp//netbios-ssn///, Ignored State: closed (1595)OS: Windows
> 2000/XP/ME Seq Index: 4347 IPID Seq: Incremental
> Host: 192.168.1.5 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///,
> 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored
> State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 9675 IPID Seq:
> Incremental
> # Nmap run completed at Tue Jul 13 15:02:33 2004 -- 16 IP addresses (5
> hosts up) scanned in 22 seconds
>
> Any help would greatly be appreciated..
>
> Clint
>
| |
| Chris F.A. Johnson 2004-07-14, 3:55 am |
| On 2004-07-14, clhal123 wrote:
> What I need to do is pull 3 fields from a file. The first 2 fields are
> easy because they are always in the same column. The last field varies in
> location. An example of a file is shown below. The fields I would like
> to get filtered out, sorted, and piped to another file is the ip address,
> hostname, and the OS version (which follows all the open port info).
>
> # nmap (V. 3.00) scan initiated Tue Jul 13 15:02:11 2004 as: nmap -sS -r -O -oG filename 192.168.1.1-5
> Host: 192.168.1.1 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 8454 IPID Seq: Incremental
> Host: 192.168.1.2 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 17108 IPID Seq: Incremental
> Host: 192.168.1.3 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1596) OS: Windows 2000/XP/ME Seq Index: 7153 IPID Seq: Incremental
> Host: 192.168.1.4 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595)OS: Windows 2000/XP/ME Seq Index: 4347 IPID Seq: Incremental
> Host: 192.168.1.5 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 9675 IPID Seq: Incremental
> # Nmap run completed at Tue Jul 13 15:02:33 2004 -- 16 IP addresses (5 hosts up) scanned in 22 seconds
awk '/^#/ {next}
NF {print $2, $3, $(NF-7), $(NF-6)}'
--
Chris F.A. Johnson http://cfaj.freeshell.org/shell
===================================================================
My code (if any) in this post is copyright 2004, Chris F.A. Johnson
and may be copied under the terms of the GNU General Public License
| |
| Ed Morton 2004-07-14, 3:56 pm |
|
Chris F.A. Johnson wrote:
<snip>
> awk '/^#/ {next}
> NF {print $2, $3, $(NF-7), $(NF-6)}'
Just a small tweak to simplify it slightly:
awk '/^H/{print $2, $3, $(NF-7), $(NF-6)}'
Regards,
Ed.
| |
| clhal123 2004-07-14, 8:55 pm |
| Beautiful...That will work perfectly.
Thanks
Clint
| |
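Added example, not part of any post in this thread: the positional `$(NF-7), $(NF-6)` answers assume the OS name is exactly two words, so this variant finds the OS text by its `OS:` label instead and also copes with the missing space in `(1595)OS:`. The names `extract_hosts` and `sample_scan`, and the 192.168.1.10 records, are constructed for illustration.

```shell
#!/bin/sh
# Added example: label-based extraction from nmap grepable (-oG) output.
# extract_hosts and sample_scan are hypothetical names used for illustration.

# Reads -oG text on stdin, writes "ip<TAB>hostname<TAB>os" sorted by IP.
extract_hosts() {
    awk '
    /^Host:/ && !/Status:/ {       # newer nmap also emits a Status: line per host
        ip = $2
        host = $3
        gsub(/[()]/, "", host)     # "(pcname.domain.org)" -> "pcname.domain.org"
        if (host == "") host = "-" # no hostname reported
        os = "unknown"             # record has no OS: label
        if (match($0, /OS: */)) {
            os = substr($0, RSTART + RLENGTH)
            sub(/\t.*/, "", os)                       # tab-delimited fields
            sub(/ +(Seq Index|IPID Seq):.*/, "", os)  # space-delimited paste
        }
        print ip "\t" host "\t" os
    }' | LC_ALL=C sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
}

# Constructed sample: two records copied from the thread (one has the
# "(1595)OS:" missing space), plus a made-up tab-delimited host with a
# five-word OS name and a Status: line.
sample_scan() {
    printf 'Host: 192.168.1.10 (db.domain.org)\tStatus: Up\n'
    printf 'Host: 192.168.1.10 (db.domain.org)\tPorts: 22/open/tcp//ssh///\tOS: Linux Kernel 2.4.0 - 2.5.20\tSeq Index: 300\tIPID Seq: All zeros\n'
    printf '%s\n' \
      '# nmap (V. 3.00) scan initiated Tue Jul 13 15:02:11 2004' \
      'Host: 192.168.1.4 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595)OS: Windows 2000/XP/ME Seq Index: 4347 IPID Seq: Incremental' \
      'Host: 192.168.1.1 (pcname.domain.org) Ports: 135/open/tcp//loc-srv///, 139/open/tcp//netbios-ssn///, Ignored State: closed (1595) OS: Windows 2000/XP/ME Seq Index: 8454 IPID Seq: Incremental'
}

# Stand-alone run: print the extracted, IP-sorted inventory for the sample.
sample_scan | extract_hosts
```

On a real scan file the call is `extract_hosts < filename > hosts.txt`; the numeric per-octet sort keys keep 192.168.1.10 after 192.168.1.4, which a plain text sort would not.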