Code Comments

Re: Need to Parse Log Files That Are Spread Across Two Lines Per
Vadmin wrote:
> Hello:
>
> I am at a loss, I have a logfile which I wish to use to create a report
> for, but this particular logfile contains two lines for each entry
> made.  The following is a snippet of the logfile:
>
> User=unknown, Auth=0 [None], Server=192.168.1.2:8080, Time=01/29/2006
> 06:00:00, Duration=18:01:02, Transfer=5528910
> Source=192.168.200.200:2142, Destination=10.10.10.1:3222,
> Connection=TCP Proxy, ACL=default:2
>
> User=unknown, Auth=0 [None], Server=192.168.1.3:8080, Time=01/29/2006
> 01:23:36, Duration=22:37:26, Transfer=7273894
> Source=192.168.200.122:1467, Destination=10.10.12.3:3334,
> Connection=TCP Proxy, ACL=default:2
>
> As you can see, each log entry starts off with "User=", the second line
> for the same logged event with "Source="

awk works on records, not lines. The fact that the default record
separator is the end of line character doesn't mean it HAS to be. In
this case, you appear to have a blank line between each 2-line record,
so we'll just set the RS to indicate a blank line. In gawk that's just
setting the RS to an empty string:

awk -v RS= ...

> What I am looking to achieve is to generate a report for each time
> "Server=192.168.1.3" is found on line 1, then print out only
> "Source:IP_ADDRESS  Destination: IP_ADDRESS Port: Port_Number"  The
> port number in this case is what follows after the actual IP address,
> i.e. 10.10.12.3:3334, where 3334 is the port number and 10.10.12.3 is
> the Destination IP address.
>

So, we're looking for blank-line-separated records ( -v RS= ) where the
fields are apparently separated by a comma followed by a space or by a
newline character ( -F'(, |\n)' ), and the 3rd field has to start with
"Server=192.168.1.3:". That'd be this:

awk -v RS= -F'(, |\n)' '$3 ~ /^Server=192\.168\.1\.3:/' file

To then print only the information you care about is just this:

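awk -v RS= -F'(, |\n)' '
# $3 is the Server field; dots are escaped so they match literally
$3 ~ /^Server=192\.168\.1\.3:/ {
    split($7, s, "[=:]")    # s[1]="Source", s[2]=IP, s[3]=port
    split($8, d, "[=:]")    # d[1]="Destination", d[2]=IP, d[3]=port
    printf "%s: %s %s: %s Port: %s\n", s[1], s[2], d[1], d[2], d[3]
}' file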

Regards,

Ed.

Ed Morton
01-30-06 11:56 PM
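
A key-based variant of the paragraph-mode approach in the post above, as an added example that is not part of the thread: it looks fields up by name instead of position, matches the server address as an exact string, and covers CRLF input and truncated entries. The function names report_server and sample_log are hypothetical, and sample records 3 to 5 are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Records 1-2 are the entries quoted in
# the question; records 3-5 are constructed edge cases.
sample_log() {
    printf '%s\n' \
'User=unknown, Auth=0 [None], Server=192.168.1.2:8080, Time=01/29/2006 06:00:00, Duration=18:01:02, Transfer=5528910' \
'Source=192.168.200.200:2142, Destination=10.10.10.1:3222, Connection=TCP Proxy, ACL=default:2' \
'' \
'User=unknown, Auth=0 [None], Server=192.168.1.3:8080, Time=01/29/2006 01:23:36, Duration=22:37:26, Transfer=7273894' \
'Source=192.168.200.122:1467, Destination=10.10.12.3:3334, Connection=TCP Proxy, ACL=default:2' \
''
    # 3: CRLF line endings, Destination listed before Source
    printf 'User=unknown, Auth=0 [None], Server=192.168.1.3:8080, Time=01/29/2006 07:10:00, Duration=00:00:05, Transfer=120\r\n'
    printf 'Destination=10.10.12.9:443, Source=192.168.200.7:5001, Connection=TCP Proxy, ACL=default:2\r\n\r\n'
    # 4: near-miss server address; 5: entry cut off after its first line
    printf '%s\n' \
'User=unknown, Auth=0 [None], Server=192.168.1.30:8080, Time=01/29/2006 08:00:00, Duration=00:00:09, Transfer=77' \
'Source=192.168.200.8:5002, Destination=10.10.12.4:25, Connection=TCP Proxy, ACL=default:2' \
'' \
'User=unknown, Auth=0 [None], Server=192.168.1.3:8080, Time=01/29/2006 09:00:00, Duration=00:00:01, Transfer=0'
}

# report_server IP < logfile : one report line per record handled by IP
report_server() {
    # A blank line that is really "\r\n" does not end a paragraph-mode record,
    # so strip carriage returns before awk sees the data.
    tr -d '\r' | awk -v RS= -v srv="$1" '
    {
        split("", f)                          # reset the key=value map
        n = split($0, part, /, *|\n/)
        for (i = 1; i <= n; i++) {
            eq = index(part[i], "=")
            if (eq) f[substr(part[i], 1, eq - 1)] = substr(part[i], eq + 1)
        }
        split(f["Server"], s, ":")
        if ((s[1] "") != (srv "")) next       # exact string match, no regex
        if (!("Source" in f) || !("Destination" in f)) {
            printf "record %d: no Source/Destination, skipped\n", NR > "/dev/stderr"
            next
        }
        split(f["Source"], src, ":"); split(f["Destination"], dst, ":")
        printf "Source: %s Destination: %s Port: %s\n", src[1], dst[1], dst[2]
    }'
}

sample_log | report_server 192.168.1.3
```

Skipped records are reported on stderr with their record number, so a truncated entry is visible rather than silently missing from the report.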

