-1

When using the following command:

nl /etc/snort/snort.conf | grep output

I get the following output:

 33  #  6) Configure output plugins
445  #  Step #6: Configure output plugins
450  #  output unified2: filename snort.log, limit 128, mpls_event_types, vlan_event_types

So, I can see that Step #6: Configure output plugins is on line 445.

I want to output line 445 plus the previous five lines (440-444 + 445), so I use:

tail -n+440 /etc/snort/snort.conf | head -n 6

However, this gives me completely different results. So, I cat the entire file with line numbers, investigate and indeed see that the line # Step #6: Configure output plugins is on line 445...

After much trial and error with the tail command, I finally get my intended results, however the line that I originally thought was on 445 is actually on 529. I can verify this by altering the previous command numbers to:

tail -n+524 /etc/snort/snort.conf | head -n 6

I then get the originally expected results, showing five lines of the config files, with # Step #6: Configure output plugins as the last line of the output.

Why is there a discrepancy between the perceived line numbers (445 vs 529)?

John Kugelman
  • 349,597
  • 67
  • 533
  • 578
RossAlexander
  • 423
  • 3
  • 10

2 Answers2

2

Take a look at the raw output of nl. It doesn't number blank lines.

$ nl /etc/snort/snort.conf
...
    32  ###################################################
    33  # Step #1: Set the network variables.  For more information, see README.variables
    34  ###################################################

    35  # Setup the network addresses you are protecting
    36  ipvar HOME_NET any

    37  # Set up the external network addresses. Leave as "any" in most situations
    38  ipvar EXTERNAL_NET any

    39  # List of DNS servers on your network
    40  ipvar DNS_SERVERS $HOME_NET

    41  # List of SMTP servers on your network
    42  ipvar SMTP_SERVERS $HOME_NET

    43  # List of web servers on your network
    44  ipvar HTTP_SERVERS $HOME_NET
...

Use -ba to number all lines. The default is -bt: number only nonempty lines.

nl -ba /etc/snort/snort.conf | grep output
John Kugelman
  • 349,597
  • 67
  • 533
  • 578
1

File a.sh has 5 lines out of which one is an empty line

nl a.sh

 1   #!/bin/bash

 2  export hello="world"
 3  sh abc.sh
 4  echo $1

When I count the number of lines it gives me 5 :

cat a.sh|wc -l
5

So that means head and tail obviously consider the empty lines but nl simply gives line number to non-empty lines.

Pacifist
  • 3,025
  • 2
  • 12
  • 20