parse an arpwatch file and retain most recent mac

CM64 · #1 (**permalink**) 04-10-2007

Hi,

I'm working on a little script, for first I transformed epoch (unix date in seconds) in a human readable date in this way

cat arp.dat | sort -k 3 | gawk '{ print strftime("%d:%m:%Y:%H:%M", $3),$1,$2}'

the result is

06:03:2006:10:01 0:a:e4:c0:b5:6d 192.168.1.3
06:03:2006:12:15 0:a:e4:c0:b5:6e 192.168.1.4
......
07:03:2007:09:18 0:a:e4:c0:b5:6d 192.168.1.8

I am interested in parsing the arpwatch file and retaining just the more recent entries and produce another file, so I have to compare dates. How can I do?

anbu23 · #2 (**permalink**) 04-10-2007

Code:

awk -F":" ' $3 == 2007 && $2 > 2 ' file >newfile

Add conditions according to your needs

CM64 · #3 (**permalink**) 04-10-2007

I don't understand very well where you say "add conditions according to your needs". The matter is a little more complicated, I've got about 2.000 entries, sometimes I've got something like this

01.01.2007:10.15 aa:bb:ecc. 1.2.3.4
01.01.2007:10.16 aa:bb:ecc. 1.2.3.5

(our lan is divided in pieces and uses DHCP, so a computer a laptop for example can have a complitely different ip in minutes)

so it's not pratical using == 2007(and eventually other statements) I think I need some kind of a function date/compare on date fild (as well hour) or maybe I miss something in your suggestion please give me details.

anbu23 · #4 (**permalink**) 04-10-2007

Code:

awk ' { arr[$2]=$0 } 
END {
     for(key in arr) { print arr[key] }
}' file > newfile

CM64 · #5 (**permalink**) 04-10-2007

Thank you very much but I don't understand. I know is a fault of mine, I am a very beginning awk scripter. Can you give me a complete code, it' seems to me that is the key statement that is the "key" but I don't understand how to use it.

anbu23 · #6 (**permalink**) 04-10-2007

Code:

$ cat file
06:03:2006:10:01 0:a:e4:c0:b5:6d 192.168.1.3
06:03:2006:12:15 0:a:e4:c0:b5:6e 192.168.1.4
07:03:2007:09:18 0:a:e4:c0:b5:6d 192.168.1.8
01.01.2007:10.15 aa:bb:ecc. 1.2.3.4
01.01.2007:10.16 aa:bb:ecc. 1.2.3.5
$ awk ' { arr[$2]=$0 }
> END {
>      for(key in arr) { print arr[key] }
> }' file
07:03:2007:09:18 0:a:e4:c0:b5:6d 192.168.1.8
06:03:2006:12:15 0:a:e4:c0:b5:6e 192.168.1.4
01.01.2007:10.16 aa:bb:ecc. 1.2.3.5

If this is not the expected output, can you show sample input and output?

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
How to retain the header information of a file	ahjiefreak	UNIX for Dummies Questions & Answers	0	12-04-2007 07:21 PM
How to retain file permissions during FTP on Solaris 5.9 ?	gauravsachan	UNIX for Advanced & Expert Users	3	04-26-2007 10:19 AM
getting the most recent file	anujairaj	Shell Programming and Scripting	3	06-22-2006 03:34 PM
Changing name of most recent file	warpmail	AIX	1	02-15-2006 07:34 PM
Most Recent File script	josborn777	Shell Programming and Scripting	1	03-29-2002 05:01 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread:


	Powered by