Any awk gurus on the list?

Andres Perera andres.perera at
Sat Aug 21 00:06:28 UTC 2010

On Fri, Aug 20, 2010 at 12:42 PM, Paul Schmehl <pschmehl_lists at> wrote:
> I'm trying to figure out how to use awk to parse values from a string of
> unknown length and unknown fields using awk, from within a shell script, and
> write those values to a file in a certain order.
> Here's a typical string that I want to parse:
> alert ip
> [,,,,,,,]
> any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets
> 2"; classtype:bad-unknown;
> reference:url,; threshold: type
> limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)

There's really no need for tr nor sed in awk since it has sub().

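#!/usr/bin/awk -f

BEGIN {
        RS = ";"    # each rule option becomes its own record
}

$1 ~ /^sid:/ {      # strip the key and print the value
        sub(/^sid:/, "", $1)
        print $1
}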

If you want to get other fields, making it into a function won't be
comfortable. You'd be better off using perl or lua in that case.
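
Added example, not part of the original thread: one way to stay in awk from a shell script and still pull several rule options out in a fixed order (sid, rev, classtype, msg). It assumes one rule per line and that a ";" inside a value is escaped as "\;"; the function name, output format and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pull selected options out of
# Snort/Suricata-style rules with awk and print them in a fixed order.
# Assumes one rule per line and that ";" inside a value is escaped as "\;".

rule_fields() {
    awk '
    BEGIN { SEP = "\001" }                 # placeholder for escaped semicolons
    {
        start = index($0, "(")             # options sit between "(" and the final ")"
        if (start == 0) next
        body = substr($0, start + 1)
        sub(/\)[ \t]*$/, "", body)
        gsub(/\\;/, SEP, body)             # protect "\;" before splitting on ";"

        split("", opt)                     # portable way to clear the array
        n = split(body, parts, ";")
        for (i = 1; i <= n; i++) {
            p = parts[i]
            sub(/^[ \t]+/, "", p)
            c = index(p, ":")
            if (c == 0) continue           # empty piece or flag option (e.g. nocase)
            key = substr(p, 1, c - 1)
            val = substr(p, c + 1)
            sub(/^[ \t]+/, "", val)
            gsub(SEP, ";", val)            # restore the semicolon, unescaped
            if (val ~ /^".*"$/) val = substr(val, 2, length(val) - 2)
            if (!(key in opt)) opt[key] = val   # first occurrence wins
        }
        printf "%s|%s|%s|%s\n", opt["sid"], opt["rev"], opt["classtype"], opt["msg"]
    }'
}

# Constructed sample rules (values are illustrative, not from a real ruleset)
SAMPLE_RULES='alert ip any any -> $HOME_NET any (msg:"Constructed test\; escaped semicolon"; classtype:bad-unknown; threshold: type limit, track by_src, count 1, seconds 360; sid:1000001; rev:3;)
alert tcp any any -> $HOME_NET 80 (msg:"Constructed second rule"; content:"abc"; nocase; reference:url,example.invalid/a; reference:url,example.invalid/b; sid:1000002; rev:1;)'

printf '%s\n' "$SAMPLE_RULES" | rule_fields
```

A rule that lacks one of the requested options yields an empty field rather than shifting the columns, so the output stays safe to load into a fixed-width table.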


