
I have this log:

Jan  26 01:05:47 server54 kernel: [41s58.6w4335] INPUT:DROP: IN=eth4 OUT= MAC=d3:ss:43:23:23:43 SRC=1.1.1.1 DST=127.0.0.0 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=65259 PROTO=TCP SPT=53252 DPT=22 WINDOW=14600 RES=0x00 RST URGP=0

And I want to filter the results so that they only show the SRC and DST parts, with the time shown first, something like this:

 Jan  26 01:05:47 SRC=1.1.1.1 DST=127.0.0.0

I get as far as :

tail -f -n 2 /var/log/kern.log | grep 'INPUT'

But if I add a second grep, it won't work! And I want to see live results, so tail should be in there.

malloc
  • 103
  • 3

2 Answers


Try if this works:

sed -E 's/^([0-9a-zA-Z: ]*[0-9]{2}:[0-9]{2}:[0-9]{2}).*(SRC=[0-9.:]+).*(DST=[0-9.:]+).*$/\1 \2 \3/g'

It leaves me with Jan 26 01:05:47 SRC=1.1.1.1 DST=127.0.0.0

Regex explanation:
^ beginning of line
( start capture group \1
[0-9a-zA-Z: ]* zero or more alphanum/colon/space
[0-9]{2}:[0-9]{2}:[0-9]{2} date (nn:nn:nn)
) end capture group \1
.* all characters
( start capture group \2
SRC=[0-9.:]+ SRC= followed by one or more numbers/colon/dot
) end of capture group \2
.* any character
( start capture group \3
DST=[0-9.:]+ DST= followed by one or more numbers/colon/dot
) end of capture group \3
.* any character
$ end of line

Then we just use sed with -E (extended regex) to replace each line in the file with the three capture groups (\1 \2 \3).
There is probably a way shorter regex to do this.

Vi Pau
  • 159
  • 5

The accepted answer is correct, but if you'd like to make it more fun, you could do this:

red=$(tput bold;tput setaf 1)
yellow=$(tput bold;tput setaf 3)
green=$(tput bold;tput setaf 2)
magenta=$(tput bold;tput setaf 5)
normal=$(tput sgr0)

# --line-buffered (GNU grep) stops grep from block-buffering its output when it writes to a pipe,
# otherwise matching lines only appear once the buffer fills; $normal resets the colour at the end of each line
tail -f -n 30 /var/log/kern.log | grep --line-buffered "DROP"|sed -E "s/^([0-9a-zA-Z: ]+)([0-9]{2}:[0-9]{2}:[0-9]{2}).*(SRC=)([0-9.:]+).*$/$yellow\1$red \2$green \3$magenta\4$normal/g"

It will colorize the output, and don't forget to use double quotes instead of single quotes.

malloc
  • 103
  • 3
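As an added example that is not part of either answer above (nor of the asker's setup): the same reduction done in a single awk stage instead of grep plus sed. Using one stage directly after tail -f also sidesteps the usual reason a second grep in a pipeline seems to "not work": GNU grep block-buffers its output when writing to a pipe, so matches only show up once the buffer fills (its --line-buffered option avoids that). Unlike the positional regex, awk walks the key=value fields, so SRC and DST are found wherever they appear in the line, and lines that lack either key are skipped rather than printed half-empty. The sample log lines are constructed (only the first is the line from the question); the function name is my own, and everything here runs with a POSIX shell and awk.

```shell
# Constructed sample lines (only the first is the line quoted in the question);
# they cover: a normal DROP line, an ACCEPT line that must be ignored, a DROP
# line with DST before SRC, and a DROP line with no SRC/DST at all.
SAMPLE_LOG='Jan  26 01:05:47 server54 kernel: [41s58.6w4335] INPUT:DROP: IN=eth4 OUT= MAC=d3:ss:43:23:23:43 SRC=1.1.1.1 DST=127.0.0.0 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=65259 PROTO=TCP SPT=53252 DPT=22 WINDOW=14600 RES=0x00 RST URGP=0
Jan 26 01:05:50 server54 kernel: [41s58.7] INPUT:ACCEPT: IN=eth4 OUT= SRC=10.0.0.9 DST=10.0.0.1 LEN=52 PROTO=TCP SPT=40000 DPT=443
Jan 26 01:06:02 server54 kernel: [41s59.1] FORWARD:DROP: IN=eth1 OUT=eth0 DST=10.0.0.1 SRC=10.0.0.5 LEN=60 PROTO=UDP SPT=5353 DPT=53
Jan 26 01:06:05 server54 kernel: [41s59.4] INPUT:DROP: IN=eth4 OUT= MAC=d3:ss:43:23:23:43 LEN=40'

# summarize_drops [TAG]  (hypothetical helper, not from the page)
# Reads netfilter log lines on stdin and prints "<Mon> <dd> <HH:MM:SS> SRC=... DST=..."
# for every line containing TAG (default DROP). awk walks the key=value fields,
# so SRC/DST are found wherever they appear; lines missing either key are skipped.
summarize_drops() {
    awk -v tag="${1:-DROP}" '
        index($0, tag) == 0 { next }           # not the rule tag we want
        {
            ts = $1 " " $2 " " $3              # syslog timestamp; awk collapses the double space after "Jan"
            src = ""; dst = ""
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = $i
                else if ($i ~ /^DST=/) dst = $i
            }
            if (src != "" && dst != "") {
                print ts, src, dst
                fflush()                       # keep output live even when stdout is a pipe
            }
        }'
}

# Offline demonstration on the constructed sample (prints two summary lines):
printf '%s\n' "$SAMPLE_LOG" | summarize_drops

# Live use on the real log: a single stage after tail, so no intermediate grep buffering.
#   tail -f -n 0 /var/log/kern.log | summarize_drops
```

The tag argument lets the same function follow a different rule prefix (for example ACCEPT) without editing the regex, and fflush() after each print keeps the output flowing if you pipe it on to another command.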