Doesn't work on Solaris but works perfectly on Linux. Thanks a lot. Not even our supposedly 'smartest' SA can figure out what to do. You're a genius.
Sorry forgot to say am trying to do this on Solaris. I have to do the sed on Linux and copy the file back to Solaris. Any idea how to go on the Solaris 8/10?
Can't quite work out or understand 100% what your code does though? Do you mind providing answers to my questions?
01 - Why are you escaping the # in the beginning?
02 - The p before the (_ is because I want to match a single p? Is that correct?
03 - The #s//\1t\2/ is the one that I don't understand for the most part. Is it doing another search?
Thanks for giving your time and effort to answer questions and helping newbies like me understand awk.
I have a huge file, millions of lines, so perl takes quite a bit of time, I'd like to convert these perl one liners to awk.
Basically I'd like all lines with ISA sandwiched between... (9 Replies)
Hi guys, I asked for help on programming forums and no one didn't helped me so I ask for help here. I am playing with some tasks from my book and I can't figure where did I get wrong.
From the first program I get a blank screen, program won't generate 10*10 matrix.
And second problem is I... (6 Replies)
Hi,
I need to run a search and replace on a large database,
what I need to change is all instances of
#### (eg. 1764 or 1964)
to
(####) (eg. (1764) or (1964))
But there might be other numbers in there such as
(1764) and I do not need those changed to ((1764))
How can I... (7 Replies)
Hi,
I'm trying to match the front and back of a sequence. It works when there is an exact match (obviously), but I need the regex to be more flexible. When we get strings of nucleotides sometimes their prefixes and suffixes aren't exact matches. Sometimes there will be an extra letter and... (2 Replies)
I have file which contains data in the following format all in a single line:
BDW_PUBLN_ID DECIMAL(18:0) NOT NULL PRIMARY INDEX ARGO_ACCT_DEP_PI ( OFC_ID ,CSHBX_ID ,TRXN_SEQ_NUM ,PROCG_DT ) PARTITION BY RANGE_N(PROCG_DT BETWEEN DATE '2012-03-01' AND DATE '2014-12-31' EACH INTERVAL '1' MONTH );... (4 Replies)
Basically what the title says. Had to replace the motherboard on an HP DL380 G6 today, of course now the embedded NICs don't work because the ifcfg-eth files have the MAC addresses for the embedded NICs from the old machine.
How can I find the new/correct MAC addresses so I can edit the... (2 Replies)
Have Pipe Delimited File:
> BRYAN BAKER|4/4/2015|518 VIRGINIA AVE|TEST
> JOE BAXTER|3/30/2015|2233 MockingBird RD|ROW2On 3rd column where the address is located, I want to add a space after every numeric value - basically doing a "s//&\ / ":
> BRYAN BAKER|4/4/2015|5 1 8 VIRGINIA AVE|TEST
> JOE... (5 Replies)
Discussion started by: svn
5 Replies
LEARN ABOUT CENTOS
ausearch_add_item
AUSEARCH_ADD_ITEM(3) Linux Audit API AUSEARCH_ADD_ITEM(3)NAME
ausearch_add_item - build up search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_item(auparse_state_t *au, const char *field, const char *op, const char *value, ausearch_rule_t how);
DESCRIPTION
ausearch_add_item adds one search condition to the current audit search expression. The search conditions can then be used to scan logs,
files, or buffers for something of interest. The field value is the field name that the value will be checked for. The op variable
describes what kind of check is to be done. Legal op values are:
exists
just check that a field name exists
=
locate the field name and check that the value associated with it is equal to the value given in this rule.
!=
locate the field name and check that the value associated with it is NOT equal to the value given in this rule.
The value parameter is compared to the uninterpreted field value. If you are trying to match against a field who's type is
AUPARSE_TYPE_ESCAPED, you will want to use the ausearch_add_interpreted_item() function instead.
The how value determines how this search condition will affect the existing search expression if one is already defined. The possible val-
ues are:
AUSEARCH_RULE_CLEAR
Clear the current search expression, if any, and use only this search condition.
AUSEARCH_RULE_OR
If a search expression E is already configured, replace it by (E || this_search_condition).
AUSEARCH_RULE_AND
If a search expression E is already configured, replace it by (E && this_search_condition).
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO ausearch_add_expression(3), ausearch_add_interpreted_item(3), ausearch_add_timestamp_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Steve Grubb
Red Hat Feb 2012 AUSEARCH_ADD_ITEM(3)