Script Advice please?


 
# 1  
Old 06-18-2007

Ok. I want to parse a log file and search only for denied traffic for the previous hour. The log looks like this:

Jun 18 17:47:56 routername 36806: Jun 18 17:53:01.088: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 4 packets

I only really care about the time, routername and denied (fields 3-4,12)..

I currently have this in place:

Code:
grep "denied" file | grep gress | sed "s/  / /g" | cut -d " " -f 3-4 | sed "s/:/ :/g" | awk '$1 == 13' | cut -d " " -f 4 | sort -u

and then have that cron'ed to run every hour... The first sed is used because between the 1st and 9th of the month, there is an extra space in the date. The second sed puts the hour in its own column to be matched on by the awk. The end file just has the routernames sorted unique.

There has to be an easier/better way to go about this?

This just came to mind again when Shell Life posted this in another thread:

Code:
sed -n '/18:/,$ p' filename

and I thought that might be a good way to just search within the previous hour.

Help?
# 2  
Old 06-18-2007
Try that (not tested):
Code:
awk -v hour=$(date +%H) '
   int($3) == hour && /denied/ && /gress/ {
      print $4:
   }
' file | sort -u

# 3  
Old 06-18-2007
Quote:
Originally Posted by aigles
Try that (not tested):
Code:
awk -v hour=$(date +%H) '
   int($3) == hour && /denied/ && /gress/ {
      print $4:
   }
' file | sort -u

Gives me this error:

awk : cmd. line:4: print $4:
awk : cmd. line:4: ^ syntax error

edit: seems to work without the : after the $4.

Looks to be working... let me play with it a little more and I'll let you know... thanks.
# 4  
Old 06-18-2007
Earnstaf,
This part will display entries in current and previous hours:
Code:
typeset -i mCurrHH
typeset -i mPrevHH
mCurrHH=`date +"%H"`
mPrevHH=${mCurrHH}-1
if [ ${mPrevHH} -eq -1 ]; then
  mPrevHH=23     ## Assuming 00:00 to 23:59
fi
mFirstPart='^... .. '
egrep "${mFirstPart}${mPrevHH}|${mFirstPart}${mCurrHH}" input_file


Last edited by Shell_Life; 06-18-2007 at 03:56 PM.. Reason: More complete solution.
# 5  
Old 06-18-2007
Quote:
Originally Posted by earnstaf
Gives me this error:

awk : cmd. line:4: print $4:
awk : cmd. line:4: ^ syntax error

edit: seems to work without the : after the $4.

Looks to be working... let me play with it a little more and I'll let you know... thanks.
Seems to be working. So I guess I should cron this to run at the 59th minute, 30th second of every hour?
# 6  
Old 06-18-2007
Quote:
Originally Posted by Shell_Life
Earnstaf,
This part will display entries in current and previous hours:
Code:
typeset -i mCurrHH
typeset -i mPrevHH
mCurrHH=`date +"%H"`
mPrevHH=${mCurrHH}-1
if [ ${mPrevHH} -eq -1 ]; then
  mPrevHH=23     ## Assuming 00:00 to 23:59
fi
mFirstPart='^... .. '
egrep "${mFirstPart}${mPrevHH}|${mFirstPart}${mCurrHH}" input_file

Shell Life,
Nice script. That might fit my needs a little better actually. That way I can just cron it to run on the hour and it will find everything for the previous (take out egrep and just grep on ${mPrevHH}). I notice you use the typeset in a lot of your scripts. I'll do some reading on that and see what I can learn.

Thanks for the input. This forum has been very beneficial in teaching me scripting... hopefully one day I can contribute as much as you guys do :)

Edit: Quick question:
What is this part doing?
Code:
mFirstPart='^... .. '

Looks like some sort of regexp matching from the start of the line?? Thanks for your help.
# 7  
Old 06-18-2007
Quote:
Originally Posted by earnstaf
Gives me this error:

awk : cmd. line:4: print $4:
awk : cmd. line:4: ^ syntax error

edit: seems to work without the : after the $4.

Looks to be working... let me play with it a little more and I'll let you know... thanks.
Typing error, remove : or replace by ;
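
The previous-hour filter discussed in this thread, as an added example that is not any poster's code: it matches on month, day and hour, so the midnight wrap, zero-padded hours (00 to 09) and the extra space for days 1 to 9 are all handled. The router names, the log path and the GNU `date -d` call in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Router names are constructed.

# prev_hour HH: print the zero-padded previous hour; 00 wraps to 23.
prev_hour() {
    h=${1#0}          # "08" -> "8" so the shell never reads it as octal
    printf '%02d\n' $(( (${h:-0} + 23) % 24 ))
}

# denied_routers FILE MON DAY HH: unique routers that logged an
# ingress/egress ACL deny during hour HH of that day.
denied_routers() {
    awk -v mon="$2" -v day="$3" -v hour="$4" '
        # Default field splitting absorbs the extra space syslog prints
        # for days 1-9: $3 is always HH:MM:SS and $4 the router name.
        $1 == mon && $2 + 0 == day + 0 &&
        /%SEC-6-IPACCESSLOG/ && / denied / && /gress/ {
            split($3, t, ":")
            if (t[1] + 0 == hour + 0) print $4
        }
    ' "$1" | sort -u
}

# Constructed sample lines in the format shown in the first post.
sample_log() {
    cat <<'EOF'
Jun  8 08:05:00 rtr-f 10: Jun  8 08:05:00.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 4 packets
Jun  8 23:59:58 rtr-a 11: Jun  8 23:59:58.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 1 packet
Jun  9 00:10:02 rtr-b 12: Jun  9 00:10:02.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 2 packets
Jun  9 08:15:30 rtr-c 13: Jun  9 08:15:30.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 4 packets
Jun  9 08:20:11 rtr-c 14: Jun  9 08:20:11.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 1 packet
Jun  9 08:21:00 rtr-d 15: Jun  9 08:21:00.100: %SEC-6-IPACCESSLOG: list egress-filter permitted tcp 1.2.3.4(1234) -> 6.7.8.9(53), 1 packet
Jun  9 08:40:00 rtr-e 16: Jun  9 08:40:00.100: %SEC-6-IPACCESSLOG: list egress-filter denied udp 1.2.3.4(1234) -> 6.7.8.9(53), 3 packets
Jun  9 09:01:00 rtr-g 17: Jun  9 09:01:00.100: %SEC-6-IPACCESSLOG: list ingress-filter denied tcp 1.2.3.4(1234) -> 6.7.8.9(53), 1 packet
EOF
}

# From cron at minute 0 (assumes GNU date; the log path is hypothetical):
#   set -- $(date -d '1 hour ago' '+%b %e %H')
#   denied_routers /var/log/routers.log "$1" "$2" "$3"
```

Running at minute 0 and asking for the hour that just ended avoids missing entries logged in the last seconds of the hour.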