Shell Programming and Scripting

This is on a HP-UX system.

I need to merge the 2 reports, for each line in syslog I need to lookup who was logged in to the pts/# based on the time from the last.txt report.

Here is what I get from sulog.log

cat syslog | grep "su:" | grep "Jun 14"


Jul 14 08:02:48 server1 su: - 2 user1-root
Jul 14 09:13:23 server1 su: + 2 user1-root
Jul 14 12:03:03 server1 su: + 2 user1-root
Jul 14 18:15:13 server1 su: + 3 user2-root
Jul 14 15:03:01 server1 su: + 4 user7-root

- 2 = pts/2
+ 2 = pts/2
+ 3 = pts/3
etc....





This is from last report:

head last.txt | grep "Jul 14"
user1 pts/2 10.0.0.1 Thu Jul 14 08:00 - 10:00 (02:00)
user1 pts/2 10.0.0.2 Thu Jul 14 11:00 - 13:00 (02:00)
user2 pts/3 10.0.0.3 Wed Jul 14 16:00 - 20:00 (04:00)
user7 pts/4 hostx Wed Jul 14 13:25 - 16:01 (02:35)
.
.
.
.

So I could get:

Jul 14 08:02:48 server1 su: - 2 user1-root 10.0.0.1
Jul 14 09:13:23 server1 su: + 2 user1-root 10.0.0.1
Jul 14 12:03:03 server1 su: + 2 user1-root 10.0.0.2
Jul 14 18:15:13 server1 su: + 3 user2-root 10.0.0.3
Jul 14 15:03:01 server1 su: + 4 user7-root hostx

Any assistance would be great.

If you have the first output in file1 and the second output in file2:

Code:

awk '
NR==FNR{split($2,s,"/");i=s[2];a[i]=$3;next}
a[$7]{$0=$0 FS a[$7]}
{print}
' file2 file1

If you get errors use nawk, gawk or /usr/xpg4/bin/awk on Solaris.

Regards

You Rock, that works great...

A couple questions...
Im still learing awk... Can you explain how this works.. What its doing so I dont have to ask about other scripts in the future and I can help others more.

really appreciate it.

Code:

awk '
NR==FNR{split($2,s,"/");i=s[2];a[i]=$3;next}
a[$7]{$0=$0 FS a[$7]}
{print}
' file2 file1

Explanation:

The code for the first file (file2):

Code:

NR==FNR{split($2,s,"/");i=s[2];a[i]=$3;next}

NR==FNR -> is true when we read the first file.
split($2,s,"/") -> we split the second field to get the keys 2, 3 etc.
i=s[2] -> i is now the key
a[i]=$3 -> create an array "a" with the key as index and assign the value of the 3th field to the array
next -> read the next line and skip the rest of the code

The code for the second file (file1):

Code:

a[$7]{$0=$0 FS a[$7]}
{print}

a[$7]{$0=$0 FS a[$7]} -> if the 7th field exists in the array append a fieldseperator and the value of the array after the line (this is the 3th field of the first file)
{print} -> print the line.

Hope this helps.

Regards

ok there is a problem, there is no check based on time.

I would need to check to see who was logged into the pts/# based on what time it was logged.

I know I can do it in perl, but would rather not.

if I have:

Jul 14 08:02:48 server1 su: - 0 user1-root
Jul 14 09:13:23 server1 su: + 0 user1-root
Jul 14 12:03:03 server1 su: + 0 user1-root
Jul 14 18:15:13 server1 su: + 0 user2-root
Jul 14 15:03:01 server1 su: + 0 user7-root


and


user1 pts/0 10.0.0.1 Thu Jul 14 08:00 - 10:00 (02:00)
user1 pts/0 10.0.0.2 Thu Jul 14 11:00 - 13:00 (02:00)
user2 pts/0 10.0.0.3 Wed Jul 14 16:00 - 20:00 (04:00)
user7 pts/0 hostx Wed Jul 14 13:25 - 15:01 (02:35)

I get:

Jul 14 08:02:48 server1 su: - 0 user1-root hostx
Jul 14 09:13:23 server1 su: + 0 user1-root hostx
Jul 14 12:03:03 server1 su: + 0 user1-root hostx
Jul 14 18:15:13 server1 su: + 0 user2-root hostx
Jul 14 15:03:01 server1 su: + 0 user7-root hostx

You must have one or more common fields (a key) in both files to join the files.

Regards

Common fields

Username: "userX" = "userX"-xxxxxxxx

pts: pts/"#" = - "#" userX.......

Time: ##:##:## within ##:## - ##:##

that wont be enough?