I am trying to parse this syslog pulling out and logging results to a file. The information I want is: scrip, scrport, dstip, dstport. I just want the numbers, not including the text part ie srcip=". Problem is, the column locations change, so I can't use the nice awk $1 $2 etc to idenify the wanted data. I have read enough scripting posts that my head is spinning. It seems, everyones columns stay the same, hence my issue. Here is a snippit of the log file:
Notice that some lines have, outitf and others do not. Any help will be greatly apprciated. I want to stick with learning scripting, but this is driving me crazy.
Thanks again,
Bob
Moderator's Comments:
Please use code tags when posting data and code samples!
Last edited by vgersh99; 05-02-2011 at 02:23 PM..
Reason: code tags, please!
Hello,
I'm facing problem to extract fields from below syslog :
logver=56 idseq=63256900099118326 itime=1563205190 devid=FG-5KDTB18800138 devname=LAL-C1-FGT-03 vd=USER date=2019-07-15 time=18:39:49 logid="0000000013" type="traffic"
subtype="forward" level="notice" eventtime=1563205189... (17 Replies)
Discussion started by: arm
17 Replies
LEARN ABOUT DEBIAN
arpsend
arpsend(8) Containers arpsend(8)NAME
arpsend - send ARP requests
SYNOPSIS
arpsend -D -e target_ip [ -e target_ip ...] [-c count] [-w timeout] interface
arpsend -U -i source_ip [-c count] [-w timeout] interface
DESCRIPTION
Utility arpsend sends ARP packets on device interface to detect or update neighbours' ARP caches with a given IP.
COMMANDS
Run utility with one of the following commands:
-D Send broadcast ARP request to detect neighbours with target_ip. You have to specify target_ip (-e option).
-U Send broadcast ARP request to update neighbours' ARP caches with source_ip. You have to specify source_ip (-i option).
OPTIONS -c count
Number of packets to send. Default is infinity.
-w interval
Interval between packets, in seconds. Default is 1 second.
-i source_ip_address
Set source IP address field in ARP packet.
-e target_ip_address
Set target IP address field in ARP packet. Note that you can specify -e option multiple times to detect many IP addresses in one
utility call.
EXIT STATUS
arpsend returns 0 upon successful execution. If something goes wrong, it returns an appropriate error code.
1 EXC_USAGE
Usage error
2 EXC_SYSTEM
System error
3 EXC_RECV
ARP reply was received
EXAMPLES
To send request on interface eth0 to detect any neighbour computers with IP 192.168.10.200:
arpsend -D -e 192.168.10.200 eth0
To send request on interface eth0 to update neighbours' ARP caches with IP 192.168.10.200:
arpsend -U -i 192.168.10.200 eth0
NOTES
Interface you use have to be arpable and not be loopback (i.e. /sbin/ip link show interface should show neither NOARP nor LOOPBACK flags
in interface parameters).
SEE ALSO vzctl(8).
LICENSE
Copyright (C) 2000-2011, Parallels, Inc. Licensed under GNU GPL.
OpenVZ 28 Jun 2011 arpsend(8)
05-02-2011
