How to strip logfile with grep to remove various dispensable information?

Question

My logfile has the following format:

Dec 26 13:11:48 192.168.1.1 kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.2 DST=74.125.43.147 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=9312 DF PROTO=TCP SPT=11733 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B4)

Now i'm trying to remove some dispensable information to make the output better readable and well arranged and put it into a new file.

The result should look like this and should only have the following information:

Dec 26 13:11:48 192.168.1.2 74.125.43.147 TCP SPT=11733 DPT=80

How to do it?

user253751 · Accepted Answer · 2010-12-26T13:23:47.693

2

awk '{sub(/PROTO=/, "", $17); print $1,$2,$3,$4,$17,$18,$19}' < logfile.log > processed-logfile.log

edited Dec 26 '10 at 13:23

answered Dec 26 '10 at 12:52

user253751

169
1
5

thanks, i understood the print part, but the sub part doesn't work for me? i get the error message: awk: line 1: runaway string constant ", $17); pr ... – NES Dec 26 '10 at 13:02
i think there is a missing double quote a the sub replacement option – NES Dec 26 '10 at 13:07
yes there is, sorry about that. i fixed it now. – user253751 Dec 26 '10 at 13:23
You can omit the input redirection. – Dennis Williamson Dec 26 '10 at 20:12

gWaldo · Answer 2 · 2010-12-26T14:36:09.860

0

Try awk to select the wanted columns with print statements to place them in the desired order.

For instance, if you wanted the PID (process ID) of process "foo" on your system, you could run

ps -ef | grep foo | grep -v grep | awk '{ print $2 ; }'

edited Dec 26 '10 at 14:36

answered Dec 26 '10 at 12:42

gWaldo

11,957
8
42
69

could you provide a syntax example since i'm a relative newbie with commandline processing like this? – NES Dec 26 '10 at 12:43

How to strip logfile with grep to remove various dispensable information?

2 Answers2