I am trying to parse this syslog, pulling out and logging results to a file. The information I want is: srcip, srcport, dstip, dstport. I just want the numbers, not including the text part, i.e. srcip=". Problem is, the column locations change, so I can't use the nice awk $1 $2 etc. to identify the wanted data. I have read enough scripting posts that my head is spinning. It seems everyone's columns stay the same, hence my issue. Here is a snippet of the log file:
Notice that some lines have outitf and others do not. Any help will be greatly appreciated. I want to stick with learning scripting, but this is driving me crazy.
Thanks again,
Bob
Moderator's Comments:
Please use code tags when posting data and code samples!
Last edited by vgersh99; 05-02-2011 at 02:23 PM..
Reason: code tags, please!
Wow, thank you for this information. I had no idea about the full syntax usage of any of those commands. Talk about a head start in learning scripting. I am speechless.
Thanks again,
Bob
I've run into a strange situation. When I run the scripts using mobaxterm, everything is fine. However, when I run it under Ubuntu, I see no output. It is moving the cursor but zero output. When I pipe it to an output file, nothing is written to it.
I suspect your awk doesn't support multiple field separator definitions, so it just puts the whole line in $1; that is the reason why you only get blank lines returned.
On your Ubuntu machine, try replacing "awk" with "gawk":
You can alternately try (with your Ubuntu standard awk)
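For reference, an added example that is not code from this thread or any of its posters: one way to pull the four values by key name rather than column position, using only default whitespace splitting so it does not depend on how a given awk handles `-F`. The sample lines are constructed, and the `key="value"` layout and the function names `sample_log` and `extract_flows` are assumptions, since the original log snippet is not shown.

```shell
# Constructed sample lines (not from the original post); the second has no outitf field.
sample_log() {
cat <<'EOF'
May  2 14:01:07 fw01 date=2011-05-02 srcip="192.0.2.10" srcport="51514" outitf="wan1" dstip="198.51.100.7" dstport="443" msg="accept"
May  2 14:01:09 fw01 date=2011-05-02 srcip="192.0.2.11" srcport="40022" dstip="198.51.100.9" dstport="53" msg="dns query"
EOF
}

# extract_flows (hypothetical name): read log lines on stdin and
# print "srcip srcport dstip dstport" for each line, "-" for a missing key.
extract_flows() {
    awk '
    {
        # Reset per-line values so a missing key never inherits the previous line.
        srcip = srcport = dstip = dstport = "-"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue            # not a key=value token
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)               # drop the surrounding quotes
            if      (key == "srcip")   srcip   = val
            else if (key == "srcport") srcport = val
            else if (key == "dstip")   dstip   = val
            else if (key == "dstport") dstport = val
        }
        print srcip, srcport, dstip, dstport
    }'
}

sample_log | extract_flows
```

Because tokens are split on whitespace, a quoted free-text value that contains spaces and something like `dstip=` would be read as a field and overwrite the real one; a quote-aware parser is needed if the log carries attacker-influenced text fields.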