Hi...
i just want to write a script for the follwing command "display status" and the normal output is...
AN100> display status
12.13.2006 12:03:25 AN-2000-1 CC NOT PRESENT 16.50.80.49
status: Status for PACKET GLI A in the TOP / LEFT shelf of frame 0:
status: The current active LAN is... (5 Replies)
Hi all;
I'm stuck with this simple awk script,i need to group the lines which the position of 28 length 3 that contains "688" into 1 group and other than "688" into another group. My problem is the script only read other than "688" and ignores the lines which contains "688".
The file look... (2 Replies)
Hi Guys,
I just wanted to print all the lines execpt 1st and 3rd line. For that i wrote a awk command,
awk 'NR != 1 || NR != 3 {print $0}' c.out
the command is working if i give an equal to instead of not equal to.
In the case of not equal to, it gives me the entire file.
Can you... (18 Replies)
Hi, I need little help with awk's if condition statement. I have following code:
$ ssh myRemotehost 'ps ww -fu tomcat ' | awk ' { if ($1 == "tomcat") print "tomcat (pid " $2 ") is running... "; else print "tomcat stopped or dead" }'
Prints:
tomcat stopped or dead
tomcat (pid 12345) is... (6 Replies)
Hello experts,
I'm stuck with this script for three days now. Here's what i need.
I need to split a large delimited (,) file into 2 files based on the value present in the last field.
Samp: Something.csv
bca,adc,asdf,123,12C
bca,adc,asdf,123,13C
def,adc,asdf,123,12A
I need this split... (6 Replies)
Hi Friends,
I have an input file like this
cat input
chr1 100 200 1 2
chr1 120 130 na 1
chr1 140 160 1 na
chr1 170 180 na na
chr1 190 220 0 0
chr1 220 230 nd 1
chr2 330 400 1 nd
chr2 410 450 nd nd
chr3 500 700 1 1
I want to calculate the division of 4th and 5th columns. But, if... (3 Replies)
Need help in awk command.
Need to check 4th column of a file, if it is CAR then awk should print as is and if 4th column is not present, awk should print BIKE
Input File content :
1,abc,55,CAR
3,bb,dd,CAR
5,ddd,tttt
8,ee,55
---------------------
Out put will look like:
1,abc,55,CAR... (6 Replies)
Hi Gurus,
one of my current script, there is awk statement as below:
awk '{a=a?a" "$3:$3}END{for (i in a) print i,a}'
I don't understand what's "{a=a?a" "$3:$3}" mean?
can anybody give me a brief explaination.
thanks in advance. (3 Replies)
Hi All,
I have the below Input:
1 700 1200 400 1300
2 2000 1000 2000 1500 600
3 1400 200 1000 1000 1200
4 1300 500 600 200
I want to modify the field 5 and field 4 as below.
If value in field 5 is null then value of field 4 should be in field 5. and then the value of... (12 Replies)
Hello All,
I have developed a script which selects a particular filed from a file ,trims it,searches for a particular pattern and then mail it when found.
cat test_file.txt |sed -n '5,$p'|sed -e 's/ //g'|awk -F'|' '{if ($4 !="Alive") print $1,$2,$3,$4}' >> proc_not_alive.txt
It is... (4 Replies)
Discussion started by: karthik adiga
4 Replies
LEARN ABOUT SUSE
ausearch_add_item
AUSEARCH_ADD_ITEM(3) Linux Audit API AUSEARCH_ADD_ITEM(3)NAME
ausearch_add_item - build up search rule
SYNOPSIS
#include <auparse.h>
int ausearch_add_item(auparse_state_t *au, const char *field, const char *op, const char *value, ausearch_rule_t how);
DESCRIPTION
ausearch_add_item adds one search condition to the current audit search expression. The search conditions can then be used to scan logs,
files, or buffers for something of interest. The field value is the field name that the value will be checked for. The op variable
describes what kind of check is to be done. Legal op values are:
exists
just check that a field name exists
=
locate the field name and check that the value associated with it is equal to the value given in this rule.
!=
locate the field name and check that the value associated with it is NOT equal to the value given in this rule.
The value parameter is compared to the uninterpreted field value.
The how value determines how this search condition will affect the existing search expression if one is already defined. The possible val-
ues are:
AUSEARCH_RULE_CLEAR
Clear the current search expression, if any, and use only this search condition.
AUSEARCH_RULE_OR
If a search expression E is already configured, replace it by (E || this_search_condition).
AUSEARCH_RULE_AND
If a search expression E is already configured, replace it by (E && this_search_condition).
RETURN VALUE
Returns -1 if an error occurs; otherwise, 0 for success.
SEE ALSO ausearch_add_expression(3), ausearch_add_interpreted_item(3), ausearch_add_timestamp_item(3), ausearch_add_regex(3), ausearch_set_stop(3),
ausearch_clear(3), ausearch_next_event(3), ausearch-expression(5).
AUTHOR
Steve Grubb
Red Hat Nov 2007 AUSEARCH_ADD_ITEM(3)