[help with grep]
Chris F.A. Johnson
c.f.a.johnson-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Mon Dec 15 12:41:17 UTC 2003
On Mon, 15 Dec 2003, GDHough wrote:
> Please, there must be an easier way...
>
> I am trying to automate my self induced weekly ADMIN duties. I mull through my
> logs on Sunday morning after rotation. They have gotten pretty big since the
> end of August so I sought a means to parse some files for information without
> having to scroll through 20,000 lines.
>
> One nagging problem for me is with grep. For example, if I:
>
> grep DPT=22 /var/log/messages.1 | cat > somefile
>
> somefile would contain not only DPT=22, but also all 220, 2276, 22344 or any
> port 22xxx. I tried the symbols \>, \b, \B thinking they would match the
> emptiness at the end of DPT=22 but they did not work for me. Laugh if you
> must but my solution to this dilemma was to get DPT=22 by elimination using
> the invert switch -v like so:
>
> read DIRPATH
> mkdir $DIRPATH/DPT
> grep DPT=22 $DIRPATH/LOG | cat > $DIRPATH/DPT/A
> grep -v DPT=220 $DIRPATH/DPT/A | cat > $DIRPATH/DPT/B
> grep -v DPT=221 $DIRPATH/DPT/B | cat > $DIRPATH/DPT/C
> grep -v DPT=222 $DIRPATH/DPT/C | cat > $DIRPATH/DPT/D
> grep -v DPT=223 $DIRPATH/DPT/D | cat > $DIRPATH/DPT/E
> grep -v DPT=224 $DIRPATH/DPT/E | cat > $DIRPATH/DPT/F
> grep -v DPT=225 $DIRPATH/DPT/F | cat > $DIRPATH/DPT/G
> grep -v DPT=226 $DIRPATH/DPT/G | cat > $DIRPATH/DPT/H
> grep -v DPT=227 $DIRPATH/DPT/H | cat > $DIRPATH/DPT/I
> grep -v DPT=228 $DIRPATH/DPT/I | cat > $DIRPATH/DPT/J
> grep -v DPT=229 $DIRPATH/DPT/J | cat > $DIRPATH/DPT/dp22
> echo "DPT=22"
> grep -c farm $DIRPATH/DPT/dp22
>
> I search for about 40 ports both source and destination. Most high numbered
> ports don't require the elimination method like 8080 because 80800 doesn't
> exist.
>
> After I get the common ports catalogued, I hope to use diff to find what's
> left-over and flag those lines with same source and destination ports. Can I
> simplify the above and thus remove much of the sleep in the script?
>
> Shouldn't grep DPT=22\> work? That's what I'm seeing in the man page.
grep "DPT=\<22\>" /var/log/messages.1 > somefile ## no need for cat
Or (if the number is followed by a space):
grep "DPT=22 " /var/log/messages.1 > somefile
To process all the ports:
for port in 22 220 221 .......
do
grep "DPT=\<$port\>" /var/log/messages.1 > somefile.$port
done
--
Chris F.A. Johnson
=================================================================
cfaj-uVmiyxGBW52XDw4h08c5KA at public.gmane.org http://cfaj.freeshell.org
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
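The word-boundary fix from the reply above, worked through on a constructed sample of iptables-style log lines. This is an added example, not part of the original thread: the log lines, host names and addresses are made up, and the function names (count_naive, count_exact, count_word, count_exact_posix, report) are my own. It shows the substring match over-counting, the GNU grep `\<...\>` form from the reply, the equivalent `grep -w`, and a portable ERE alternative for systems whose grep lacks `\<` and `\>`. One line deliberately ends in DPT=22 with no trailing space, which is the case the "DPT=22 " pattern would miss.

```shell
#!/bin/sh
# Constructed sample log (not from the original post). Line 5 ends in DPT=22
# with nothing after it, so a pattern that requires a trailing space misses it.
SAMPLE_LOG='Dec 14 03:11:02 farm kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.1 PROTO=TCP SPT=51234 DPT=22 SYN
Dec 14 03:11:03 farm kernel: IN=eth0 SRC=10.0.0.6 DST=10.0.0.1 PROTO=TCP SPT=51235 DPT=220 SYN
Dec 14 03:11:04 farm kernel: IN=eth0 SRC=10.0.0.7 DST=10.0.0.1 PROTO=TCP SPT=51236 DPT=2276 SYN
Dec 14 03:11:05 farm kernel: IN=eth0 SRC=10.0.0.8 DST=10.0.0.1 PROTO=TCP SPT=51237 DPT=22344 SYN
Dec 14 03:11:06 web kernel: IN=eth0 SRC=10.0.0.9 DST=10.0.0.1 PROTO=TCP SPT=51238 DPT=22
Dec 14 03:11:07 farm kernel: IN=eth0 SRC=10.0.0.10 DST=10.0.0.1 PROTO=TCP SPT=51239 DPT=8080 SYN'

# Plain substring match: every port whose digits start with $1 is counted.
# "|| :" keeps the function's exit status 0 when grep finds nothing
# (grep -c still prints 0), so the functions are safe under set -e.
count_naive() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "DPT=$1" || :
}

# GNU grep word boundaries (\< \>): the digits must start and end a word,
# so DPT=22 matches but DPT=220 and DPT=22344 do not. End of line counts
# as a boundary, so the line with no trailing space is still found.
count_exact() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "DPT=\<$1\>" || :
}

# Same idea with -w: the whole match must be delimited by non-word characters.
count_word() {
    printf '%s\n' "$SAMPLE_LOG" | grep -wc "DPT=$1" || :
}

# Portable ERE for greps without \< \>: the port must be followed by a
# non-digit or by end of line.
count_exact_posix() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ec "DPT=$1([^0-9]|$)" || :
}

# One pass per port, replacing the chain of grep -v eliminations.
report() {
    for port in "$@"; do
        printf 'DPT=%s %s\n' "$port" "$(count_exact "$port")"
    done
}

report 22 220 2276 22344 8080
```

Run as-is it prints one count per port (2 for DPT=22, 1 for each of the others). Note that `grep -c` counts matching lines, not occurrences, so a line carrying both SPT=22 and DPT=22 is counted once; and because every pattern includes the `DPT=` prefix, source ports never bleed into the destination-port totals.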