Date: Wed, 27 Aug 2008 23:43:52 +0930 From: Wayne Sierke <ws@au.dyndns.ws> To: Martin McCormick <martin@dc.cis.okstate.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Regular Expression Trouble Message-ID: <1219846432.49053.237.camel@predator-ii.buffyverse> In-Reply-To: <200808271325.m7RDP28b044255@dc.cis.okstate.edu> References: <200808271325.m7RDP28b044255@dc.cis.okstate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2008-08-27 at 08:25 -0500, Martin McCormick wrote:
> My thanks to several people who have provided great suggestions
> and an apology for not being clear on the log data I am mining
> for MAC addresses. It is syslog and a typical line looks like:
>
> Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6
> (peaster-laptop) via 10.198.71.246
>
> That was one line broken to aid in emailing, but that's what
> types of lines are involved. The MAC appears at different field
> locations depending on the type of event being logged so awk is
> perfect for certain types of lines, but it misses others and no
> one awk expression gets them all.
The way to deal with that is to specify a pattern to match something
that distinguishes each form of log line that you want to extract from.
With the following (contrived) log data:
Aug 26 20:45:36 dh1 dhcpd: DHCPDISCOVER from 00:12:f0:88:97:d6 (peaster-laptop) via eth0
Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6 (peaster-laptop) via 10.198.71.246
use awk with a script such as:
awk '/DHCPDISCOVER/ {print $8} /DHCPACK/ {print $10}' logfile
Wayne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1219846432.49053.237.camel>