generating reports based on time field of network data

renukaprasadb · #1 (**permalink**) 08-20-2008

hi i have data extracted in the following format ranging around 300000 to 800000 records in a text file , the format is of network data .
No. Time Source Destination Protocol
1 1998-06-05 17:20:23.569905 HP_61:aa:c9 HP_61:aa:c9 LLC
2 1998-06-05 17:20:24.569709 HP_61:aa:c9 HP_61:aa:c9 LLC
3 1998-06-05 17:20:25.547310 Cisco_04:41:bc Cisco_04:41:bc LOOP
4 1998-06-05 17:20:26.068756 HP_61:aa:c9 HP_61:aa:c9 TCP
5 1998-06-05 17:20:27.068809 HP_61:aa:c9 HP_61:aa:c9 UDP
6 1998-06-05 17:20:28.069107 HP_61:aa:c9 HP_61:aa:c9 FTP
7 1998-06-05 17:20:29.068810 HP_61:aa:c9 HP_61:aa:c9 FTP
8 1998-06-05 17:20:30.069417 HP_61:aa:c9 HP_61:aa:c9 TELNET
9 1998-06-05 17:20:31.071067 HP_61:aa:c9 HP_61:aa:c9 SMTP
10 1998-06-05 17:20:32.068868 HP_61:aa:c9 HP_61:aa:c9 SMTP
11 1998-06-05 17:20:33.069603 HP_61:aa:c9 HP_61:aa:c9 TELNET
12 1998-06-05 17:20:34.070245 HP_61:aa:c9 HP_61:aa:c9 LLC
13 1998-06-05 17:20:35.069411 HP_61:aa:c9 HP_61:aa:c9 LLC
14 1998-06-05 17:20:35.547414 Cisco_04:41:bc Cisco_04:41:bc LOOP
15 1998-06-05 17:20:36.572394 HP_61:aa:c9 HP_61:aa:c9 LLC
16 1998-06-05 17:20:37.570132 HP_61:aa:c9 HP_61:aa:c9 LLC

so on ......................

i want the output in following format -- for a day --- in a fixed interval of time
i should be prompt for start date and end date , then start time and end time and duration which is HH ( hours) or MM (minutes ) or SS ( seconds) --- this is offline analysis i am making ,
what is below displayed is what i have extracted from a awk script seperately for a 10 mins duration on a certain date.... but the problem i faced is inserting columns correspondingly -- like some time in a certain duration of time there might not be any count of a certain protocol packet then that entry will not be there in that duration then i will be having trouble in using either join or paste----

so which is better ( what kind of scripting ) can any one help me to do this

also since here the missing ones are left blank -- i want to replace that with 0
since i willl be using that for further analysis ( to add or to generate graph)

ofcourse if we have fixed number of protocols with the first field then join will be easy -- but extracting that count from the initial file is what i am finding a bit tricky

could any one please help me

17:20-7:30 17:30-17:40 17:40-17:50 17:50-18:00 18:00-18:10

ARP 6 20 22 42 20 DNS
204 212 92 50 FTP
593 303 183
FTP-DATA
487 1691 131
HTTP
354 596 528 297 ICMP 2 2 2 2 2 LLC 542 456 441 489 528 LOOP 58 60 60 60 60 NTP 18 20 18 18 20 SMTP
760 1600 409 303 TCP
3333 4939 3640 2622 TELNET

55 77 36 SSL

IP

ICAP

626 6289 9939 5671 3938

renukaprasadb · #2 (**permalink**) 08-20-2008

there is some problem while i copied the output from spreadsheet -- this looks like below

1st row is 10 seconds duration
protocol 17:20-7:30 17:30-17:40 17:40-17:50 17:50-18:00 18:00-18:10
ARP 10 20 30 15 20
UDP 7 3 50 60 44
TELNET 1000 333 333 333 333
ICMP
SMTP
DNS
NetBIOS

etc .....

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
add lines automatically based on a field on another file	melanie_pfefer	Shell Programming and Scripting	0	07-24-2008 02:59 AM
ps command - time field	nhatch	UNIX for Dummies Questions & Answers	1	05-12-2008 11:15 AM
generating data for 1 hour	aajan	Shell Programming and Scripting	0	03-17-2008 05:59 AM
Generating files with time interval of fifteen minutes	aajan	Shell Programming and Scripting	0	09-25-2007 01:54 AM
How To Provide Time Sync Using Nts-150 Time Server On Unix Network?	pesty	UNIX for Advanced & Expert Users	2	03-22-2007 02:20 AM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread:


	Powered by