0

I'm looking to display just the email address in the /var/log/secure file. The email goes into a variable, so just grepping for lines won't work.

I know how to string together sed commands, but is there a cleaner way?

I could even scrap the idea altogether, if there is a cleaner way to get ssh key comment emails. I'm looking to find out which email comment, on the clients ssh key, was used to login. So far I have been using something like this..

 ssh root@localhost  "sleep 1 ; tail -1 /var/log/secure | ..."

I hope there is a better way, or at least a clean way to display just the email.

J. M. Becker
  • 2,471
  • 1
  • 17
  • 21
  • 1
    Could you please post an (obfuscated) snippet of your log file? I have nothing on my log about SSH keys (and emails). – Matteo Oct 06 '11 at 14:48
  • ...forgot to mention, ssh going through a wrapper script that logs those key comment emails. – J. M. Becker Oct 06 '11 at 20:41
  • I ended up finishing this soon after posting. I found a cleaner way, I got user info out of LDAP and then did a grep -o for the email. – J. M. Becker Oct 06 '11 at 20:44
  • I really, should have changed the title, to the more relevant question... but the email is in the variable, so the scripts are working. – J. M. Becker Oct 06 '11 at 20:49

2 Answers2

1

Why doesn't grep work out for you? It has the -o parameter to get only the match. So something like grep -o " .+@.+ " /var/log/secure should work. Only work out the expression to just match the email address.

mailq
  • 17,023
  • 2
  • 37
  • 69
0

As @Matteo mentioned, I've never seen the public key informations in /var/log/secure but if you want to display only email address from a text file, you can use egrep (for extended regex) with -o option, something like this:

$ egrep -o '[^ ]+@[^ ]+' input

or you must escape the plus if you use grep:

$ grep -o '[^ ]\+@[^ ]\+' input

You can also do it with sed:

$ sed -nr 's/.* ([^ ]+@[^ ]+).*$/\1/p' input
quanta
  • 51,413
  • 19
  • 159
  • 217