Regular Expression Trouble

Martin McCormick martin at dc.cis.okstate.edu
Wed Aug 27 13:25:04 UTC 2008


My thanks to several people who have provided great suggestions
and an apology for not being clear on the log data I am mining
for MAC addresses. It is syslog and a typical line looks like:

Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6
(peaster-laptop) via 10.198.71.246 

That was one line broken to aid in emailing, but that's the
type of line involved. The MAC appears at different field
locations depending on the type of event being logged, so awk is
perfect for certain types of lines, but it misses others and no
one awk expression gets them all.

	This is an attempt to isolate every MAC address that
appears and then sort and count them to see who is having
trouble or, in some cases, is causing trouble.

	The sed pattern matching system is interesting because I
can think of several similar situations in which the data are
there but there is no guarantee where on a given line they sit,
and grep or sed usually will pull in the whole line containing
the desired data, which means that one must further parse things
to get what is wanted.

Martin McCormick
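
An added example, not part of the original post: one way to isolate every MAC address wherever it sits on a dhcpd syslog line, then sort and count them as the message describes. The function names `sample_log` and `count_macs` are hypothetical, and every sample line other than the DHCPACK line quoted above is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): extract every MAC address from
# dhcpd syslog lines regardless of field position, then count per address.

# Constructed sample input. The DHCPACK line follows the format quoted in the
# post; the other lines are constructed so the MAC lands in different fields.
sample_log() {
    cat <<'EOF'
Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246
Aug 26 20:45:37 dh1 dhcpd: DHCPDISCOVER from 00:1B:63:AA:BB:CC via 10.198.71.246
Aug 26 20:45:38 dh1 dhcpd: DHCPREQUEST for 10.198.67.116 from 00:12:F0:88:97:D6 via 10.198.71.246
Aug 26 20:45:39 dh1 dhcpd: DHCPDISCOVER from 00:1b:63:aa:bb:cc via 10.198.71.246
Aug 26 20:45:40 dh1 dhcpd: DHCPDISCOVER from 00:1b:63:aa:bb:cc via 10.198.71.246: network 10.198.64.0/21: no free leases
Aug 26 20:45:41 dh1 dhcpd: DHCPINFORM from 10.198.67.20 via 10.198.71.246
EOF
}

# count_macs (hypothetical name): reads log lines on stdin and writes
# "<count> <mac>" lines, most frequent first.
count_macs() {
    # -o prints only the matched text, one match per output line, so the
    # rest of the syslog line never has to be parsed. Six colon-separated
    # hex pairs are required, so HH:MM:SS timestamps cannot match.
    grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' |
        tr '[:upper:]' '[:lower:]' |   # fold case so one client is one key
        sort | uniq -c |
        awk '{ print $1, $2 }' |       # drop uniq's leading padding
        sort -k1,1nr -k2,2
}

sample_log | count_macs
```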

