From: Andres Perera
To: Paul Schmehl
Cc: FreeBSD Questions
Date: Fri, 20 Aug 2010 19:36:26 -0430
Subject: Re: Any awk gurus on the list?

On Fri, Aug 20, 2010 at 12:42 PM, Paul Schmehl wrote:
> I'm trying to figure out how to use awk to parse values from a string of
> unknown length and unknown fields using awk, from within a shell script, and
> write those values to a file in a certain order.
>
> Here's a typical string that I want to parse:
>
> alert ip
> [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/6,173.0.0.0/8,174.0.0.0/7,176.0.0.0/5,184.0.0.0/6]
> any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets
> 2"; classtype:bad-unknown;
> reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type
> limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)

There's really no need for tr nor sed in awk since it has sub().

#!/usr/bin/awk -f
BEGIN { RS = ";" }
$1 ~ /^sid:/ {
	sub(/^[[:space:]]*/,"")
	print
}

If you want to get other fields, making it into a function won't be
comfortable. You'd be better off using perl or lua in that case.

Andres
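
Added example, not part of the message above: the same RS=";" approach extended to collect several options from each rule and print them in a fixed order, as the original question asked, including the case where a quoted msg contains an escaped "\;". The function names rule_fields and sample_rules and the second input rule are constructed for illustration; the first input rule is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Prints sid, rev, classtype and
# msg for every rule read on stdin, tab-separated, always in that order.
rule_fields() {
    awk '
    function emit() {
        if ("sid" in f)
            print f["sid"] "\t" f["rev"] "\t" f["classtype"] "\t" f["msg"]
        split("", f)            # portable way to empty the array
        inopt = 0
    }
    BEGIN { RS = ";" }          # one rule option per record, as in the post
    {
        # A record ending in a backslash was cut at an escaped "\;" inside a
        # quoted value: hold it and glue the next record back on.
        rec = held $0; held = ""
        if (rec ~ /\\$/) { held = rec ";"; next }
        sub(/^[ \t\n]*/, "", rec)
        # ")" closes the previous rule; the next header may follow it.
        if (rec ~ /^\)/) { emit(); sub(/^\)[ \t\n]*/, "", rec) }
        if (rec == "") next
        # First option of a rule: drop the header up to the opening "(".
        if (!inopt) { sub(/^[^(]*\(/, "", rec); inopt = 1 }
        i = index(rec, ":")
        if (i == 0) next        # option without a value, e.g. nocase
        key = substr(rec, 1, i - 1)
        val = substr(rec, i + 1)
        sub(/^[ \t\n]*/, "", val)
        gsub(/\\;/, ";", val)   # undo the escaping
        gsub(/^"|"$/, "", val)  # strip the quotes around msg
        f[key] = val
    }
    END { emit() }
    '
}

# Constructed input: the rule quoted in the thread, plus one made-up rule
# with its options in a different order and an escaped semicolon in msg.
sample_rules() {
    cat <<'EOF'
alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/6,173.0.0.0/8,174.0.0.0/7,176.0.0.0/5,184.0.0.0/6] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)
alert tcp any any -> $HOME_NET 80 (sid:1000001; msg:"CONSTRUCTED rule\; escaped semicolon"; classtype:misc-activity; rev:1;)
EOF
}
```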