 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Mac Forum / Country Specific / UK Mac Group / September 2007[[OT]{slightly} One for the command line weenies
I want to tail the output of a file that looks like this: Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 192.168.2.2:135 in via rl0 Sep 28 12:36:02 wotan kernel: ipfw: 65435 Deny TCP 212.119.162.40:4227 192.168.2.2:135 in via rl0 Sep 28 12:59:02 wotan kernel: ipfw: 65435 Deny TCP 213.150.54.194:4972 192.168.2.2:53 in via rl0 Sep 28 12:59:05 wotan kernel: ipfw: 65435 Deny TCP 213.150.54.194:4972 192.168.2.2:53 in via rl0 (gah! can't turn line wrapping off - that should be four lines) However, what I want is to have 'tail' only display this: Sep 28 12:31:32 212.152.232.68:135 Sep 28 12:36:02 212.119.162.40::135 Sep 28 12:59:02 213.150.54.194:53 Sep 28 12:59:05 213.150.54.194:53 In other words, the dat/time, source IP and destination port. I imagine it's doable via l33t sed and awk skilz, but I wouldn't really know where to begin. Essentially I'm trying to get the pertinent parts of my security log tail'd out to a serial port and displayed on a 40col Apple //e screen. Don't ask why. It's sad. Jim  Signaturehttp://www.ursaMinorBeta.co.uk SOTTERLEY (n,) Uncovered bit between two shops with awnings, which you have to cross when it's raining. > I want to tail the output of a file that looks like this: > Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 [quoted text clipped - 30 lines] > Uncovered bit between two shops with awnings, which you have to cross when > it's raining. You're piping the activity of your firewall to a spare Apple IIe for GeekPoints (tm), aren't you? Like your style - I'm a firm believer that the more cryptic text scrolling across monochrome monitors you have in an office, the more retro high tech points you score... Ric > You're piping the activity of your firewall to a spare Apple IIe for > GeekPoints (tm), aren't you? er...*cough* might be, yes. > Like your style - I'm a firm believer that the more cryptic text > scrolling across monochrome monitors you have in an office, the more > retro high tech points you score... I'll be using 300 baud for that _authentic_ retro feel. And a green screen. If I could just get a Beeb serial cable I'd use a Beeb. Lord knows I've got enough of the buggers. Please don't suggest making one - I'm fully prepared to believe it's easy, but the last time I tried to use a soldering iron...well, pain, smoke, people screaming... Jim Signaturehttp://www.ursaMinorBeta.co.uk TAMPA (n.) The sound of a rubber eraser coming to rest after dropping off a desk in a very quiet room. > If I could just get a Beeb serial cable I'd use a Beeb. Lord knows I've got > enough of the buggers. Please don't suggest making one - I'm fully prepared > to believe it's easy, but the last time I tried to use a soldering > iron...well, pain, smoke, people screaming... > > Jim You say that as if it were a Bad Thing. I just love the smell of Fear when I power up my two butane powered babies. One for soldering, one with hot-air nozzle to shrink the heat-shrink :-> Signaturejames dore IT Officer, New College, Oxford http://www.new.ox.ac.uk/ it-support@new.... >> If I could just get a Beeb serial cable I'd use a Beeb. Lord knows I've got >> enough of the buggers. Please don't suggest making one - I'm fully prepared [quoted text clipped - 6 lines] > when I power up my two butane powered babies. One for soldering, one > with hot-air nozzle to shrink the heat-shrink :-> Sadly in my case it's more to do with the fact that I am the World's Worst Solderer. Give me two wires to solder together and I'll solder one to a lamp, the other to my nose, the carpet will be on fire...you get the picture. Jim Signaturehttp://www.ursaMinorBeta.co.uk TINGRITH (n.) The feeling of silver paper against your fillings. > >> If I could just get a Beeb serial cable I'd use a Beeb. Lord knows I've got > >> enough of the buggers. Please don't suggest making one - I'm fully prepared [quoted text clipped - 12 lines] > Give me two wires to solder together and I'll solder one to a lamp, the > other to my nose, the carpet will be on fire...you get the picture. egad. Have you been let near a barbecue in a built-up area? Signaturejames dore IT Officer, New College, Oxford http://www.new.ox.ac.uk/ it-support@new.... >> > You say that as if it were a Bad Thing. I just love the smell of Fear >> > when I power up my two butane powered babies. One for soldering, one [quoted text clipped - 7 lines] > > egad. Have you been let near a barbecue in a built-up area? Not since Tunguska. Jim Signaturehttp://www.ursaMinorBeta.co.uk NAAS (n.) The windmaking region of Albania where most of the wine that people take to bottle-parties comes from. > You're piping the activity of your firewall to a spare Apple IIe for > GeekPoints (tm), aren't you? > Like your style - I'm a firm believer that the more cryptic text > scrolling across monochrome monitors you have in an office, the more > retro high tech points you score... har har! I've been doing some perl-ing recently, and when I get the output to scroll in green on a black terminal window I get a lot of 'Matrix' comments. SignatureIn our distant past, most of the tribe huddled round the fire near the mouth of the cave, perhaps some of them performing whatever ritual made dawn come again, while the ur-geek squatted in the darkness at the back of the cave, hacking the wall paintings - Malcolm Ray > You're piping the activity of your firewall to a spare Apple IIe for > GeekPoints (tm), aren't you? > Like your style - I'm a firm believer that the more cryptic text > scrolling across monochrome monitors you have in an office, the more > retro high tech points you score... And here's the pictures to prove it: <http://www.UrsaMinorBeta.co.uk/AppleSecLog1.jpg> <http://www.UrsaMinorBeta.co.uk/AppleSecLog2.jpg> <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea > <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> IVAR! -z- SignatureNo 3G. Fewer megapixels than an N95. Lame. > > <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> > > IVAR! Damn. Rumbled. Jim SignatureFind me at : http://www.ursaminorbeta.co.uk Please help to bring old whisky literature back into print - visit www.ClassicExpressions.co.uk > > > <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> > > > > IVAR! > > Damn. Rumbled. Nothing to be ashamed of, it's a decent workhorse. -z- SignatureNo 3G. Fewer megapixels than an N95. Lame. > > > > <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> > > > [quoted text clipped - 3 lines] > > Nothing to be ashamed of, it's a decent workhorse. Explanation? Or is this a private conversation? SignaturePeter > > > > > <http://www.UrsaMinorBeta.co.uk/Apple2.jpg> > > > > [quoted text clipped - 5 lines] > > Explanation? Or is this a private conversation? Idea shelving. Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea > > > Nothing to be ashamed of, it's a decent workhorse. > > > > Explanation? Or is this a private conversation? > > Idea shelving. <sigh> IKEA shelving. Scotland won the rugby, so I was a little...happy. Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea > > You're piping the activity of your firewall to a spare Apple IIe for > > GeekPoints (tm), aren't you? [quoted text clipped - 5 lines] > > <http://www.UrsaMinorBeta.co.uk/AppleSecLog1.jpg> I had that modem. That was a long time ago! SignatureWoody www.alienrat.com > > > You're piping the activity of your firewall to a spare Apple IIe for > > > GeekPoints (tm), aren't you? [quoted text clipped - 7 lines] > > I had that modem. That was a long time ago! Which one? There's two there. Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea > > > > You're piping the activity of your firewall to a spare Apple IIe for > > > > GeekPoints (tm), aren't you? [quoted text clipped - 9 lines] > > Which one? There's two there. The real one on the bottom on the left, the nightingale. SignatureWoody www.alienrat.com > <http://www.UrsaMinorBeta.co.uk/AppleSecLog1.jpg> Why do you have a pic of C. Holland & his mother on your desk? Signatureemail to oshea dot j dot j at gmail dot com. > > <http://www.UrsaMinorBeta.co.uk/AppleSecLog1.jpg> > > Why do you have a pic of C. Holland & his mother on your desk? Do *not* despoil good Cocker Spaniels by association with that...thing. Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea >>> <http://www.UrsaMinorBeta.co.uk/AppleSecLog1.jpg> >> [quoted text clipped - 3 lines] > > Jim Sorry. Couldn't resist. Apologise to the dogs for me. Signatureemail to oshea dot j dot j at gmail dot com. > Sorry. Couldn't resist. Apologise to the dogs for me. I would but they're no longer with us. No worries mate. Jim SignatureFind me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2 Skype: greyarea > (gah! can't turn line wrapping off - that should be four lines) > [quoted text clipped - 4 lines] > Sep 28 12:59:02 213.150.54.194:53 > Sep 28 12:59:05 213.150.54.194:53 % tail ipfw.log | awk '{print $1, $2, $3, $10}' assuming it's ipfw.log that the tail is, um tailing. SignatureRichard P. Grant 0x5F9559B1 RG Design rpgrant at netspace.net.au http://www.rg-d.com/BioLOG/ i dont know, something like a sound problem wouldnt be a reinstall windows job, a simple driver job more than likely - Iain Dingsdale misses a point > I want to tail the output of a file that looks like this: > Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 [quoted text clipped - 26 lines] > > Jim You can certainly do it with awk. I can't remember how. But the man page and patience should sort it. > I imagine it's doable via l33t sed and awk skilz, but I wouldn't really know > where to begin. Pipe it to: awk '{ print $1, $2, $3, $11 }' Adjust the $11 value if I guessed it incorrectly. Regards SignatureMartin >> I imagine it's doable via l33t sed and awk skilz, but I wouldn't really know >> where to begin. > > Pipe it to: > > awk '{ print $1, $2, $3, $11 }' *Almost*, but that displays the internal IP and port. The problem is that you've got two IPs with port numbers (source and destination), but I want the _source_ IP and the _destination_ port. And they're not space delimited, sadly. So, given: [...] TCP 212.152.232.68:4646 192.168.2.2:135 [...] --------------------------^ -------------^ I want the first IP and the second port, so 212.152.232.68:135 Jim Signaturehttp://www.ursaMinorBeta.co.uk NAAS (n.) The windmaking region of Albania where most of the wine that people take to bottle-parties comes from. > The windmaking region of Albania where most of the wine that people take to > bottle-parties comes from. there is an area of albania where they make wind? SignatureWoody >> The windmaking region of Albania where most of the wine that people take to >> bottle-parties comes from. > > there is an area of albania where they make wind? It's the sausages. Jim Signaturehttp://www.ursaMinorBeta.co.uk KINGSTON BAGPUISE (n.) A forty-year-old sixteen-stone man trying to commit suicide by jogging. > I want the first IP and the second port, so 212.152.232.68:135 I can see that David has already sorted it out - but my alternative would be the less elegant: | awk '{ print $1,$2,$3,$10,$11 }'| awk ' BEGIN { FS = ":" } ; { print $1":"$2":"$3,$NF }' Regards SignatureMartin > I want to tail the output of a file that looks like this: > Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 [quoted text clipped - 16 lines] > > In other words, the dat/time, source IP and destination port. awk '{sub(/:.*$/,"", $10); sub(/^.*:/,"", $11); print $1, $2, $3, $10, $11}'<<+ Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 192.168.2.2:135 in via rl0 Sep 28 12:36:02 wotan kernel: ipfw: 65435 Deny TCP 212.119.162.40:4227 192.168.2.2:135 in via rl0 Sep 28 12:59:02 wotan kernel: ipfw: 65435 Deny TCP 213.150.54.194:4972 192.168.2.2:53 in via rl0 Sep 28 12:59:05 wotan kernel: ipfw: 65435 Deny TCP 213.150.54.194:4972 192.168.2.2:53 in via rl0 + Sep 28 12:31:32 212.152.232.68 135 Sep 28 12:36:02 212.119.162.40 135 Sep 28 12:59:02 213.150.54.194 53 Sep 28 12:59:05 213.150.54.194 53 >> I want to tail the output of a file that looks like this: >> Sep 28 12:31:32 wotan kernel: ipfw: 65435 Deny TCP 212.152.232.68:4646 [quoted text clipped - 32 lines] > Sep 28 12:59:02 213.150.54.194 53 > Sep 28 12:59:05 213.150.54.194 53 That's the chap! Thanks. Jim Signaturehttp://www.ursaMinorBeta.co.uk HARPENDEN (n.) The coda to a phone conversion, consisting of about eight exchanges, by which people try gracefully to get off the line. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.