regex question - UNIX for Dummies Questions & Answers

rocketkids · #1 02-11-2004

hi,
i got a problem with understanding regular expressions. what i wanna do is
scanning the wtmp logfile for ips and if a specific ip is echoed id like to be a part of a text to be assigned to it.

the scanning is done with

Code:

#! /bin/bash

cat wtmp | strings | egrep -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u

and this works quite fine.

now if an ip (for example 100.116.77.8) is given out id like a piece of a text to be echoed to the bash.

now my questions:
how can i do that? i got a kind-of-a-dictionary-file which looks like that: (i dont really understand it completely...)

Code:

#! /bin/bash

if [ $# -lt 2 ] ; then
   echo "usage: $0 <arglist regex>"
   exit 1
fi

VAR=`cat input.txt` 

#echo "$VAR"
TXT=""

for i in $* ; do 
   #echo $i
   #echo "$VAR" | grep "^$i " | cut -d " " -f2- | sed -e "s/^\"//" | sed -e "s/\"$//" 
   tmp=`echo "$VAR" | grep "^$i " | cut -d " " -f2- | sed -e "s/^\"//" | sed -e "s/\"$//"`
   TXT="$TXT $tmp"
   
done

echo "$TXT" | tr -s " "

and i got the textfile input.txt where the text to be echoed when a ip is given out from the wtmp is stored.
it looks like that:

100.116.77.8 = blahblah
100.126.77.8 = bangbang
....

can anybody help me set up a complete script that does all that? thank you in advance

added code tags

oombera · #2 02-11-2004

Here's a nice little tutorial I found while looking around: The UNIX Bourne Shell

Also, a good Getting started with awk tutorial ... in case you're interested in learning more about regular expressions.

But anyway...

I'm having a hard time understanding exactly what you're trying to do.

You're grabbing IP addresses out of the WTMP file. I use ksh, but I think this will work for you:

Code:

#! /bin/bash

cat wtmp | strings | egrep "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u | while read LINE
do
  grep $LINE input.txt
done

If you only want to print the text part from input.txt, then use:

Code:

#! /bin/bash

cat wtmp | strings | egrep "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u | while read LINE
do
  grep $LINE input.txt | awk '{print $3}'
done

rocketkids · #3 02-11-2004

hi oombera,
thank you very much for your effort.
the scripts are working, but they dont do anything...as i said, im new to programming...

maybe it helps when i try to tell what i want to do:

i get the IPs from the wtmp with my script (which should be looped so that every 5 seconds the wtmp log is searched through), then i have for example 20 different IPs.
lets say one of them is 195.100.0.0.
every time my script gives me that IP (because the user with that IP logged on or off and gets logged in the wtmp) i want a part of a text to be sent to the bash.
its kind of a feedback system...so my bash gets bits of text mapped onto the ips....

i hope it got a lil bit more clear this time...excuse me, i really have got problems to put my ideas into words...lol

oombera · #4 02-11-2004

First, see if you even get any output with the code you first listed:

Code:

#! /bin/bash

cat wtmp | strings | egrep "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u

(note: i took the -o option out of egrep ... i don't have that option so it gives me an error)

If that works, try this and see if you get anything on screen:

Code:

#! /bin/bash

cat wtmp | strings | egrep "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u | while read LINE; do echo $LINE; done

If that works, then I want you to actually list a few real lines from input.txt so I can see what that file looks like.

rocketkids · #5 02-11-2004

hi,
your scripts are working and i get the ips from the wtmp listed on my screen, i just had to add the dir /var/log/wtmp .

my input.txt contains lines like

100.195.123.123 = whats happening here
120.241.212.111 = i want a bratwurst baby

something like that...

now if 100.195.123.123 is in the output of wtmp.sh "whats happening here" should be written on my bash and in the syslog.

i dont really know how to do that...

oombera · #6 02-11-2004

Code:

#! /bin/bash

cat /var/log/wtmp | egrep "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]" | sort -u | while read LINE
do
  grep $LINE input.txt | awk '{if ($3 != "") for (i=3; i<=NF; i+=1) printf $i " "} END {if ($3 != "") print ""}' | tee -a some/logfile
done

rocketkids · #7 02-12-2004

thank you very much!
its working!

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
RegEx question has me stumped	tolmark	UNIX for Dummies Questions & Answers	7	08-18-2007 03:20 PM
regex question	xiamin	Shell Programming and Scripting	2	07-16-2007 04:40 AM
Quick regex question	retrovertigo	Shell Programming and Scripting	1	07-06-2007 01:49 PM
regex question	arushunter	Shell Programming and Scripting	8	01-04-2007 02:49 PM
Newbie Regex Question	ciremg01	UNIX for Dummies Questions & Answers	0	11-30-2005 02:30 PM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode