Any awk gurus on the list?

David Kelly dkelly at
Fri Aug 20 18:35:53 UTC 2010

On Fri, Aug 20, 2010 at 12:12:20PM -0500, Paul Schmehl wrote:
> But when I add an FS to the script, I get odd results:
> #  awk '!/#/ { FS=";"; for (i=1; i<=NF; i++) { if ( $i ~ /sid/) 
> {mtcmsg[sid]=$i; print mtcmsg[sid]}}}' < 
> /usr/local/etc/snort/rules/mtc.rules.test
> sid:299913;
> sid:52123
> sid:3001441
> sid:1444
> sid:2008120
> sid:5001684
> sid:2001683
> sid:22466
> sid:2002750
> sid:3000003
> sid:292000032
> sid:22000032
> sid:3000000
> sid:2003070
> sid:2003484
> sid:2003603
> sid:31000004
> sid:299998
> Why is the first value indented and not stripped of the semi-colon?

Because field breaks occur first, then the match on the left, and only
when there is a match on the left is the script in {} executed. FS is
global so it sticks around for the next line of input.

I would suggest that you not try to learn awk on the command line but
put your script in a file. Then once you have it working and know what
you are doing put it on a single command line if its simple enough.

David Kelly N4HHE, dkelly at
Whom computers would destroy, they must first drive mad.

More information about the freebsd-questions mailing list