Message-Id: <200808271325.m7RDP28b044255@dc.cis.okstate.edu>
To: freebsd-questions@freebsd.org
Date: Wed, 27 Aug 2008 08:25:02 -0500
From: Martin McCormick
Subject: Re: Regular Expression Trouble

My thanks to several people who have provided great suggestions and an apology for not being clear on the log data I am mining for MAC addresses. It is syslog and a typical line looks like:

    Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to
    00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246

That was one line broken to aid in emailing, but that's what types of lines are involved. The MAC appears at different field locations depending on the type of event being logged so awk is perfect for certain types of lines, but it misses others and no one awk expression gets them all. This is an attempt to isolate every MAC address that appears and then sort and count them to see who is having trouble or, in some cases, is causing trouble.

The sed pattern matching system is interesting because I can think of several similar situations in which the data are there but there is no guarantee where on a given line it sits and grep or sed usually will pull in the whole line containing the desired data which means that one must further parse things to get what is wanted.

Martin McCormick
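
One position-independent way to do what the message above describes, added here as an example and not taken from the thread: split each line into runs of hex digits and colons, keep only runs that are exactly six octets, then sort and count. Apart from the DHCPACK line quoted in the message, the sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull every MAC address out of dhcpd syslog lines no matter
# which field it sits in, then count occurrences per address.

# Constructed sample input. The first line is the one quoted in the message;
# the last is a made-up record with a 7-octet identifier that must NOT count.
sample_log() {
cat <<'EOF'
Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246
Aug 26 20:45:36 dh1 dhcpd: DHCPREQUEST for 10.198.67.116 from 00:12:F0:88:97:D6 (peaster-laptop) via 10.198.71.246
Aug 26 20:45:40 dh1 dhcpd: DHCPDISCOVER from 00:16:cb:aa:01:02 via 10.198.71.246
Aug 26 20:45:41 dh1 dhcpd: DHCPOFFER on 10.198.67.120 to 00:16:cb:aa:01:02 via 10.198.71.246
Aug 26 20:45:50 dh1 dhcpd: DHCPDISCOVER from 00:12:f0:88:97:d6 via 10.198.71.246: network 10.198.64.0/21: no free leases
Aug 26 20:46:02 dh1 example: uid 01:00:16:cb:aa:01:02 seen
EOF
}

# Read log text on stdin, write one lower-case MAC per line (duplicates kept).
extract_macs() {
    # 1. Turn every character that is not a hex digit or ':' into a newline,
    #    so each maximal hex/colon run becomes its own token.
    # 2. Drop leading/trailing colons (e.g. the ':' after "246:" or a MAC
    #    that ends a clause).
    # 3. Keep a token only if the WHOLE token is six two-digit hex octets;
    #    -x rejects timestamps (20:45:36) and longer identifiers.
    # 4. Fold case so 00:12:F0:... and 00:12:f0:... count as one client.
    LC_ALL=C tr -cs '0-9A-Fa-f:' '\n' |
        sed 's/^:*//; s/:*$//' |
        grep -Ex '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' |
        LC_ALL=C tr 'A-F' 'a-f'
}

# Read log text on stdin, write "COUNT MAC" lines, busiest address first.
count_macs() {
    extract_macs |
        LC_ALL=C sort |
        uniq -c |
        awk '{ print $1, $2 }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; for real data, feed the log on stdin:
#   count_macs < your-dhcpd-log
sample_log | count_macs
```

Because a token must be exactly six octets, a MAC glued to other hex or colon characters (for example a label such as "ac:" directly in front of it) is skipped rather than guessed at.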