Full Discussion: Parsing syslog from Linux
Shell Programming and Scripting: Post 303037009 by RudiC on Saturday 20th of July 2019 03:20:04 PM
Try
Code:
awk '
BEGIN   {HDLN = "eventtime|srcip|dstip|srcport|dstport|transip|transport|action|sessionid"
         MX = split (HDLN, HD, "|")
         print HDLN
        }
        {DL = ""
         for (i=1; i<=MX; i++)  if (match ($0, HD[i] "=[^ ]*")) {L = length(HD[i]) + 1
                                                                 printf "%s%s", DL, substr ($0, RSTART + L, RLENGTH - L)
                                                                 DL = "|"
                                                                }
         printf "\n" 
        }
' file
eventtime|srcip|dstip|srcport|dstport|transip|transport|action|sessionid
1563205189|11.3.3.17|12.0.1.1|50544|443|11.1.1.1|5092|"server-rst"|20639817


EDIT: If you can't make sure all the requested fields exist in the file, remove the if construct:
Code:
awk '
BEGIN   {HDLN = "eventtime|srcip|dstip|srcport|dstport|transip|transport|action|sessionid"
         MX = split (HDLN, HD, "|")
         print HDLN
        }
        {DL = ""
         for (i=1; i<=MX; i++)  {match ($0, HD[i] "=[^ ]*")
                                 L = length(HD[i]) + 1
                                 printf "%s%s", DL, substr ($0, RSTART + L, RLENGTH - L)
                                 DL = "|"
                                }
         printf "\n" 
        }
' file
eventtime|srcip|dstip|srcport|dstport|transip|transport|action|sessionid
1563205189|11.3.3.17|12.0.1.1|50544|443|11.1.1.1|5092|"server-rst"|20639817
1563205189|11.3.3.17|12.0.1.1||443|11.1.1.1|5092|"server-rst"|20639817
||||||||

In the second data line, the srcport is missing, and the third is empty entirely.

Last edited by RudiC; 07-20-2019 at 05:45 PM..
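The same key=value extraction as RudiC's two scripts, written as an added example that is not part of the post. It keeps the header-driven, pipe-delimited output, but changes two things a practitioner will hit on real logs: each key is anchored on the start of the line or a preceding blank, so a short header name such as "ip" cannot match inside "transip=", and a double-quoted value is taken whole even when it contains spaces (the post's `[^ ]*` pattern would cut `action="server rst"` down to `"server`). Missing keys still produce an empty cell. The log lines are constructed for this example; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not RudiC's code): a POSIX-awk key=value extractor for syslog
# lines of the kind shown in the post. It (a) anchors each key on a preceding
# blank so "ip=" cannot match inside "transip=", (b) keeps quoted values intact
# even when they contain spaces, and (c) emits an empty cell for any key absent
# from a line. The sample lines below are constructed for this example.

SAMPLE_LOG='date=2019-07-15 time=12:39:49 eventtime=1563205189 srcip=11.3.3.17 srcport=50544 dstip=12.0.1.1 dstport=443 transip=11.1.1.1 transport=5092 action="server-rst" sessionid=20639817
date=2019-07-15 time=12:39:50 eventtime=1563205190 srcip=11.3.3.18 dstip=12.0.1.1 dstport=443 transip=11.1.1.1 transport=5093 action="close" msg="TCP reset" sessionid=20639818
this line carries no fields of interest'

# kv_table 'k1|k2|...'  reads log lines on stdin and prints the header line
# followed by one pipe-delimited row per input line, cells in header order.
kv_table() {
  awk -v hdln="$1" '
  BEGIN { mx = split(hdln, hd, "|"); print hdln }
  {
    split("", kv)                       # reset the per-line key -> value map
    line = $0
    # Consume key=value tokens left to right. A key must sit at the start of
    # the line or after a blank, so a header name never matches the tail of a
    # longer key. A value is either a double-quoted string (spaces allowed) or
    # a run of non-blank characters; leftmost-longest matching picks the
    # quoted form whenever the quotes are balanced.
    while (match(line, /(^|[ \t])[A-Za-z_][A-Za-z0-9_]*=("[^"]*"|[^ \t]*)/)) {
      tok = substr(line, RSTART, RLENGTH)
      sub(/^[ \t]/, "", tok)
      eq = index(tok, "=")
      kv[substr(tok, 1, eq - 1)] = substr(tok, eq + 1)
      line = substr(line, RSTART + RLENGTH)
    }
    dl = ""
    for (i = 1; i <= mx; i++) {
      printf "%s%s", dl, ((hd[i] in kv) ? kv[hd[i]] : "")
      dl = "|"
    }
    printf "\n"
  }'
}

HEADER='eventtime|srcip|dstip|srcport|dstport|transip|transport|action|sessionid'

# run_sample: the table for the constructed lines above.
run_sample() {
  printf '%s\n' "$SAMPLE_LOG" | kv_table "$HEADER"
}

run_sample
```

Replace `run_sample` with `kv_table "$HEADER" < file` for a real log. Two caveats for anything that consumes this table downstream: the values are whatever the logging device (or the peer that triggered the event) put on the wire, so a `|` inside a quoted value such as a URL in `msg=` would shift the columns of that row, and a duplicated key keeps its last value. If the output feeds another tool rather than a human, quote the cells or emit JSON instead of a bare delimiter.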
 
