[help with grep]
GDHough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Mon Dec 15 12:04:39 UTC 2003
Please, there must be an easier way...
I am trying to automate my self-induced weekly ADMIN duties. I mull through my
logs on Sunday morning after rotation. They have gotten pretty big since the
end of August so I sought a means to parse some files for information without
having to scroll through 20,000 lines.
One nagging problem for me is with grep. For example, if I:
    grep DPT=22 /var/log/messages.1 | cat > somefile
somefile would contain not only DPT=22, but also all 220, 2276, 22344 or any
port 22xxx. I tried the symbols \>, \b, \B thinking they would match the
emptiness at the end of DPT=22 but they did not work for me. Laugh if you
must but my solution to this dilemma was to get DPT=22 by elimination using
the invert switch -v like so:
    read DIRPATH
    mkdir $DIRPATH/DPT
    grep DPT=22 $DIRPATH/LOG | cat > $DIRPATH/DPT/A
    grep -v DPT=220 $DIRPATH/DPT/A | cat > $DIRPATH/DPT/B
    grep -v DPT=221 $DIRPATH/DPT/B | cat > $DIRPATH/DPT/C
    grep -v DPT=222 $DIRPATH/DPT/C | cat > $DIRPATH/DPT/D
    grep -v DPT=223 $DIRPATH/DPT/D | cat > $DIRPATH/DPT/E
    grep -v DPT=224 $DIRPATH/DPT/E | cat > $DIRPATH/DPT/F
    grep -v DPT=225 $DIRPATH/DPT/F | cat > $DIRPATH/DPT/G
    grep -v DPT=226 $DIRPATH/DPT/G | cat > $DIRPATH/DPT/H
    grep -v DPT=227 $DIRPATH/DPT/H | cat > $DIRPATH/DPT/I
    grep -v DPT=228 $DIRPATH/DPT/I | cat > $DIRPATH/DPT/J
    grep -v DPT=229 $DIRPATH/DPT/J | cat > $DIRPATH/DPT/dp22
    echo "DPT=22"
    grep -c farm $DIRPATH/DPT/dp22
I search for about 40 ports both source and destination. Most high numbered
ports don't require the elimination method like 8080 because 80800 doesn't
exist.
After I get the common ports catalogued, I hope to use diff to find what's
left-over and flag those lines with same source and destination ports. Can I
simplify the above and thus remove much of the sleep in the script?
Shouldn't grep DPT=22\> work? That's what I'm seeing in the man page.
Thanks,
farmer6re9
--
Eating Crow is better with MyCrowSauce
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
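
An added example, not part of the original post: it anchors the port number so that DPT=22 does not also match DPT=220, then tallies a whole port list in one awk pass while printing the left-over lines. The log lines are constructed samples, and the function names (sample_log, count_naive, count_exact, tally_dpt) are hypothetical.

```sh
#!/bin/sh
# Constructed iptables-style log lines (sample data, not from the original post).
sample_log() {
    cat <<'EOF'
Dec 14 04:02:11 farm kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40122 DPT=22 WINDOW=5840 SYN
Dec 14 04:02:15 farm kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40123 DPT=220 WINDOW=5840 SYN
Dec 14 04:03:40 farm kernel: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=TCP SPT=22 DPT=2276 WINDOW=5840 SYN
Dec 14 04:05:02 farm kernel: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=22344 LEN=48
Dec 14 04:09:27 farm kernel: IN=eth0 OUT= SRC=192.0.2.14 DST=198.51.100.5 PROTO=TCP SPT=40200 DPT=8080 WINDOW=5840 SYN
Dec 14 04:11:53 farm kernel: IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.5 PROTO=TCP SPT=40201 DPT=22
EOF
}

# Unanchored match: also counts DPT=220, DPT=2276, DPT=22344.
count_naive() { grep -c "DPT=$1" "$2"; }

# Anchored match: the port must be followed by a non-digit or end of line.
# With GNU grep the quoted pattern 'DPT=22\>' does the same job; typed
# unquoted, the shell strips the backslash and grep searches for "DPT=22>".
count_exact() { grep -cE "DPT=$1([^0-9]|\$)" "$2"; }

# One pass over the log: count exact DPT values for the listed ports and
# print every line whose DPT is not in the list, prefixed with OTHER.
tally_dpt() {   # usage: tally_dpt "22 8080" logfile
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            dpt = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DPT=[0-9]+$/) dpt = substr($i, 5)
            if (dpt == "") next
            if (dpt in want) count[dpt]++
            else print "OTHER " $0
        }
        END { for (i = 1; i <= n; i++) printf "DPT=%s %d\n", p[i], count[p[i]] + 0 }
    ' "$2"
}

# Demo run against the constructed sample.
log=$(mktemp) && sample_log > "$log"
echo "naive: $(count_naive 22 "$log")  exact: $(count_exact 22 "$log")"
tally_dpt "22 8080" "$log"
rm -f "$log"
```

Replacing DPT with SPT in the patterns gives the same tally for source ports.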