
I have a centralized log file that I'm trying to parse out into multiple files to make it a bit more manageable.

The file contains lines looking like this

2015-04-02 16:03:13 -0500       192.168.3.3: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:20 -0500       192.168.3.8: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:24 -0500       192.168.4.11: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:33 -0500       192.168.4.7: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:34 -0500       192.168.4.8: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:46 -0500       192.168.5.10: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:50 -0500       192.168.5.11: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded

I'd like to split the log file out so that all lines pertaining to the first IP address are in the same log file, so that 192.168.3.8 has its own file, 192.168.4.11 has its own file, etc.

shellter
Axis
  • Try it, then show us what you tried :) – Alfredo Gimenez Apr 02 '15 at 21:36
  • well the only thing I can think of so far is to run grep in a loop against an array of ip addresses...which would work fine I suppose, but that's a list(array) I'd have to keep up with. Unless maybe I can do a wildcard search using characters 33-46 numbers only since the address begins at character 33 on every line and have it use that address as the filename – Axis Apr 02 '15 at 21:42
  • If you want to do it with a shell script, `sed` or `awk` are good ways to go. Otherwise, you could always parse it in a small program with python or some other language (that's how I'd do it, but only because I'm no good with sed/awk...). – Alfredo Gimenez Apr 02 '15 at 21:50

1 Answer

try this (but be aware that you get some files ip_xxx.xxx.xxx.xxx.log :-)

LOG=logfile_to_be_split
awk '{print $4}' "$LOG" | sort -u | while read -r ip; do
  # drop the trailing ":" from the field to build the output filename
  lfile=$(echo "$ip" | sed 's/\(.*\):/ip_\1.log/')
  # -F: match the address literally, so the dots are not regex wildcards
  grep -F -- "$ip" "$LOG" > "$lfile"
done

the awk command gets the column with the IP addresses

sort -u makes them unique (if IP addresses are not in consecutive lines)

sed the IP addresses of column 4 to get rid of the trailing ":"

within the while loop, IPs are grepped out of the logfile into their corresponding files

leu
  • I was trying to get there with cat access.log | awk {'print $4'} | sort | uniq but that just gave me all of the ip addresses in the 4th field duplicates or no. I'll try your way and see what happens...much appreciated! – Axis Apr 02 '15 at 22:02
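The answer above rereads the whole log once per IP address, and it lets whatever sits in column 4 become part of a filename. The following is an added example, not code from the original question or answer, that does the split in a single awk pass and only accepts a dotted quad as the filename component; anything else (a path, a hostname, an empty field) is diverted to a quarantine file instead of being written wherever the log line points. The layout it assumes is the one in the question: `<date> <time> <tz>  <ip>: <message>`. The sample log is constructed for the example and includes one hostile line to exercise the check.

```shell
#!/bin/sh
# Added example (not part of the original post): split a log by the IP in
# field 4 in one pass, validating the field before it becomes a filename.

make_sample_log() {
    # Constructed sample modelled on the question, plus one hostile line whose
    # "IP" field is a relative path, as a misbehaving log source might emit.
    cat > "$1" <<'EOF'
2015-04-02 16:03:13 -0500       192.168.3.3: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:20 -0500       192.168.3.8: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:03:24 -0500       192.168.4.11: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
2015-04-02 16:04:01 -0500       192.168.3.3: shell login for 'rancid' from 192.168.50.10 on tty1 failed
2015-04-02 16:04:05 -0500       ../../tmp/evil: shell login for 'rancid' from 192.168.50.10 on tty1 succeeded
EOF
}

split_log_by_ip() {
    # $1 = input log, $2 = output directory (created if missing).
    # One read of the input; each line is appended to ip_<addr>.log.
    log=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v outdir="$outdir" '
        {
            ip = $4
            sub(/:$/, "", ip)      # "192.168.3.3:" -> "192.168.3.3"
            # Only a dotted quad may be used to name a file. "..", "/" or an
            # empty field would otherwise let a log line choose the output path.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                f = outdir "/ip_" ip ".log"
            else
                f = outdir "/unparsed.log"
            print >> f
            close(f)               # portable: do not hold one open fd per IP
        }' "$log"
}

# Demo run on the constructed sample; lists the files produced.
demo=$(mktemp -d)
make_sample_log "$demo/central.log"
split_log_by_ip "$demo/central.log" "$demo/split"
ls "$demo/split"
```

`close(f)` after every line keeps the script within the open-file limits of any POSIX awk at the cost of one reopen per line; with gawk on a very large log you can drop the `close` and let it manage descriptors. The octet regex does not check the 0-255 range, it only guarantees the name is made of digits and dots, which is all the filesystem safety argument needs.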