Regular Expression Trouble

Wayne Sierke ws at au.dyndns.ws
Wed Aug 27 14:13:58 UTC 2008


On Wed, 2008-08-27 at 08:25 -0500, Martin McCormick wrote:
> My thanks to several people who have provided great suggestions
> and an apology for not being clear on the log data I am mining
> for MAC addresses. It is syslog and a typical line looks like:
> 
> Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6
> (peaster-laptop) via 10.198.71.246 
> 
> That was one line broken to aid in emailing, but that's what
> types of lines are involved. The MAC appears at different field
> locations depending on the type of event being logged so awk is
> perfect for certain types of lines, but it misses others and no
> one awk expression gets them all.

The way to deal with that is to specify a pattern to match something
that distinguishes each form of log line that you want to extract from.
With the following (contrived) log data:

Aug 26 20:45:36 dh1 dhcpd: DHCPDISCOVER from 00:12:f0:88:97:d6 (peaster-laptop) via eth0
Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246 

use awk with a script such as:

awk '/DHCPDISCOVER/ {print $8} /DHCPACK/ {print $10}' logfile


Wayne
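
An added example, not part of Wayne's message: the same per-message-type dispatch, with each candidate field checked against a MAC pattern and a fallback scan for line forms whose MAC position is not listed. The function names, the DHCPREQUEST and `dhcpd[pid]:` line forms, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract client MAC addresses from dhcpd syslog lines.
# Assumes the syslog tag is field 5 ("dhcpd:" or "dhcpd[pid]:").

extract_macs() {
    awk '
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        # Spelled out instead of {5}: not every awk supports intervals.
        mac = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    # Print the field lower-cased if it is a MAC; report whether it was.
    function emit(f) {
        if (f ~ mac) { print tolower(f); return 1 }
        return 0
    }
    $5 !~ /^dhcpd(\[[0-9]+\])?:$/ { next }        # ignore other daemons
    # Known positions first, as in the one-liner above.
    $6 == "DHCPDISCOVER" { if (emit($8))  next }
    $6 == "DHCPACK"      { if (emit($10)) next }
    # Fallback: any other dhcpd line, or a known type with shifted fields.
    {
        for (i = 6; i <= NF; i++)
            if (emit($i)) next
    }
    ' "$@"
}

# Constructed sample input covering both forms from the thread, a
# DHCPREQUEST with a server-id field, a PID-tagged line and two non-matches.
sample_log() {
    cat <<'EOF'
Aug 26 20:45:36 dh1 dhcpd: DHCPDISCOVER from 00:12:f0:88:97:d6 (peaster-laptop) via eth0
Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246
Aug 26 20:45:40 dh1 dhcpd: DHCPREQUEST for 10.198.67.120 (10.198.71.1) from 00:0C:29:AB:CD:EF via eth0
Aug 26 20:45:41 dh1 dhcpd[812]: DHCPACK on 10.198.67.120 to 00:0c:29:ab:cd:ef via eth0
Aug 26 20:45:42 dh1 dhcpd: Wrote 12 leases to leases file.
Aug 26 20:45:43 dh1 sshd[411]: Accepted publickey for admin from 10.198.67.5 port 50022 ssh2
EOF
}

# Per-MAC event counts for the sample data.
sample_log | extract_macs | sort | uniq -c
```

With file arguments, `extract_macs logfile` reads the log directly instead of standard input.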



