Solved

Regex question & awk

Posted on 2013-12-17
11
231 Views
Last Modified: 2013-12-17
How should i export bold parts from the given text below

IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.252 = STRING: 0:25:90:a8:9a:ef

and there is one additional thing if it has one char between two double dot  as this

IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.158.25 = STRING: 0:4:ac:e3:e8:49

it will export 00:04:ac:e3:e8:49 i mean it will add a 0 to infront of alone char between dots


IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.252 = STRING: 0:25:90:a8:9a:ef
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.253 = STRING: 0:25:90:a8:9a:ef
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.254 = STRING: 0:50:56:be:f1:5f
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.192.168.1.104 = STRING: 2:d0:68:12:4b:cc

Open in new window

0
Comment
Question by:3XLcom
  • 6
  • 5
11 Comments
 
LVL 31

Expert Comment

by:farzanj
ID: 39724487
So from this text,
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.252 = STRING: 0:25:90:a8:9a:ef

You want to extract IP address and MAC, this is all what I see is bolded?


Something like?

echo 'IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.185.9.159.252 = STRING: 0:25:90:a8:9a:ef' | sed 's/.*ipv4\.\([0-9\.]*\).*=.*STRING: \(.*\)/\1 \2/'

Open in new window

0
 

Author Comment

by:3XLcom
ID: 39724522
i need to export this from a text file
0
 
LVL 31

Expert Comment

by:farzanj
ID: 39724539
Export??  Adding 0 in front?  Also for IP?  Export where?
0
 

Author Comment

by:3XLcom
ID: 39724592
my server generates tooo long text files as this and i want to export a result as :


172.16.1.21  ->  0:18:6e:37:cf:28
172.16.1.22  ->  00:01:e8:d6:53:37

but one important point on the text 00:01:e8:d6:53:37 that seems as 0:1:e8:d6:53:37 if it has one decimal between two dots it will add one more zero to infront of it



IP-MIB::ipNetToPhysicalPhysAddress.1107755015.ipv4.172.16.1.21 = STRING: 0:18:6e:37:cf:28
IP-MIB::ipNetToPhysicalPhysAddress.1107755015.ipv4.172.16.1.22 = STRING: 0:1:e8:d6:53:37
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.10.1.1.1 = STRING: 0:1:e8:d6:53:37
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.3 = STRING: 0:50:56:be:70:d8
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.5 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.6 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.9 = STRING: 2:d0:68:12:4b:cc
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.18 = STRING: 90:2b:34:9d:53:cb
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.19 = STRING: 90:2b:34:9d:53:cb
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.20 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.21 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.34 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.35 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.36 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.39 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.67 = STRING: b8:ac:6f:97:82:6f
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.116 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.162 = STRING: 0:50:56:be:36:c1
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.178 = STRING: 0:50:56:96:50:fa
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.179 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.180 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.181 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.182 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.183 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.184 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.185 = STRING: 0:50:56:96:25:99
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.188 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.189 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.226 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.227 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.228 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.229 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.230 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.231 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.232 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.233 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.234 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.235 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.236 = STRING: 0:50:56:be:d0:49

Open in new window

0
 
LVL 31

Expert Comment

by:farzanj
ID: 39724864
Ok, export word is still confusing.

Try this command:

perl -ne 'if(($a,$b)=m{ipv4\.(\S+)\s=\sSTRING:\s(\S+)}) { $b =~ s/\b(\d)\b/0$1/g; print "$a --> $b\n";} logfilename'

Open in new window


change logfilename to the filename of your log file.

See what you get.  If you are happy with the output, you can redirect it to any file.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:3XLcom
ID: 39724879
This is the result :

[root@sflow islemler]# perl -ne 'if(($a,$b)=m{ipv4\.(\S+)\s=\sSTRING:\s(\S+)}) { $b =~ s/\b(\d)\b/0$1/g; print "$a --> $b\n";} snmplogs/router.txt'

Illegal division by zero at -e line 1, <> line 1.

Open in new window



And txt file :

IP-MIB::ipNetToPhysicalPhysAddress.1107755015.ipv4.172.16.1.21 = STRING: 0:18:6e:37:cf:28
IP-MIB::ipNetToPhysicalPhysAddress.1107755015.ipv4.172.16.1.22 = STRING: 0:1:e8:d6:53:37
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.10.1.1.1 = STRING: 0:1:e8:d6:53:37
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.3 = STRING: 0:50:56:be:70:d8
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.5 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.6 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.9 = STRING: 2:d0:68:12:4b:cc
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.18 = STRING: 90:2b:34:9d:53:cb
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.19 = STRING: 90:2b:34:9d:53:cb
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.20 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.21 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.34 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.35 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.36 = STRING: 90:2b:34:a0:42:f3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.39 = STRING: e0:69:95:2e:90:a4
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.67 = STRING: b8:ac:6f:97:82:6f
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.116 = STRING: 0:4:ac:e3:e8:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.162 = STRING: 0:50:56:be:36:c1
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.178 = STRING: 0:50:56:96:50:fa
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.179 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.180 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.181 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.182 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.183 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.184 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.185 = STRING: 0:50:56:96:25:99
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.188 = STRING: 0:50:56:96:3:c3
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.189 = STRING: 0:50:56:96:3:8b
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.226 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.227 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.228 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.229 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.230 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.231 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.232 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.233 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.234 = STRING: 0:50:56:be:d0:49
IP-MIB::ipNetToPhysicalPhysAddress.1107787875.ipv4.37.123.96.235 = STRING: 0:50:56:be:d0:49

Open in new window

0
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 39724901
Ok, try:

perl -ne 'if(($a,$b)=m{ipv4\.(\S+)\s=\sSTRING:\s(\S+)}) { $b =~ s/\b(\d)\b/0$1/g; print "$a --> $b\n";}' snmplogs/router.txt

Open in new window

0
 
LVL 31

Expert Comment

by:farzanj
ID: 39724915
perl -ne 'if(($a,$b)=m{ipv4\.(\S+)\s=\sSTRING:\s(\S+)}) { $b =~ s/\b(\d)\b/0$1/g; print "$a --> $b\n";}' file

Open in new window


This is what I get:

172.16.1.21 --> 00:18:6e:37:cf:28
172.16.1.22 --> 00:01:e8:d6:53:37
10.1.1.1 --> 00:01:e8:d6:53:37
37.123.96.3 --> 00:50:56:be:70:d8
37.123.96.5 --> 00:04:ac:e3:e8:49
37.123.96.6 --> 00:04:ac:e3:e8:49
37.123.96.9 --> 02:d0:68:12:4b:cc
37.123.96.18 --> 90:2b:34:9d:53:cb
37.123.96.19 --> 90:2b:34:9d:53:cb
37.123.96.20 --> 90:2b:34:a0:42:f3
37.123.96.21 --> 90:2b:34:a0:42:f3
37.123.96.34 --> e0:69:95:2e:90:a4
37.123.96.35 --> e0:69:95:2e:90:a4
37.123.96.36 --> 90:2b:34:a0:42:f3
37.123.96.39 --> e0:69:95:2e:90:a4
37.123.96.67 --> b8:ac:6f:97:82:6f
37.123.96.116 --> 00:04:ac:e3:e8:49
37.123.96.162 --> 00:50:56:be:36:c1
37.123.96.178 --> 00:50:56:96:50:fa
37.123.96.179 --> 00:50:56:96:03:8b
37.123.96.180 --> 00:50:56:96:03:c3
37.123.96.181 --> 00:50:56:96:03:8b
37.123.96.182 --> 00:50:56:96:03:8b
37.123.96.183 --> 00:50:56:96:03:8b
37.123.96.184 --> 00:50:56:96:03:c3
37.123.96.185 --> 00:50:56:96:25:99
37.123.96.188 --> 00:50:56:96:03:c3
37.123.96.189 --> 00:50:56:96:03:8b
37.123.96.226 --> 00:50:56:be:d0:49
37.123.96.227 --> 00:50:56:be:d0:49
37.123.96.228 --> 00:50:56:be:d0:49
37.123.96.229 --> 00:50:56:be:d0:49
37.123.96.230 --> 00:50:56:be:d0:49
37.123.96.231 --> 00:50:56:be:d0:49
37.123.96.232 --> 00:50:56:be:d0:49
37.123.96.233 --> 00:50:56:be:d0:49
37.123.96.234 --> 00:50:56:be:d0:49
37.123.96.235 --> 00:50:56:be:d0:49

Open in new window

0
 

Author Closing Comment

by:3XLcom
ID: 39724918
That is it thanks .
0ne last question is there any wat the make all chars upper case
0
 
LVL 31

Expert Comment

by:farzanj
ID: 39724940
Welcome.

Try this:
perl -ne 'if(($a,$b)=m{ipv4\.(\S+)\s=\sSTRING:\s(\S+)}) { $b =~ s/\b(\d)\b/0$1/g; print "$a --> ".uc($b)."\n";}' file

Open in new window

0
 

Author Comment

by:3XLcom
ID: 39724949
perfect thnx
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now