Date: Fri, 20 Aug 2010 19:36:26 -0430
From: Andres Perera <andres.perera@zoho.com>
To: Paul Schmehl <pschmehl_lists@tx.rr.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Any awk gurus on the list?
Message-ID: <AANLkTi=yGdWpsqqHAZRNj4OP%2BWX6ESR6U_7AhwSJfPrh@mail.gmail.com>
In-Reply-To: <23BA961B74BA2B5CA8B523F9@utd65257.utdallas.edu>
References: <23BA961B74BA2B5CA8B523F9@utd65257.utdallas.edu>

On Fri, Aug 20, 2010 at 12:42 PM, Paul Schmehl <pschmehl_lists@tx.rr.com> wrote:
> I'm trying to figure out how to use awk to parse values from a string of
> unknown length and unknown fields using awk, from within a shell script, and
> write those values to a file in a certain order.
>
> Here's a typical string that I want to parse:
>
> alert ip
> [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/6,173.0.0.0/8,174.0.0.0/7,176.0.0.0/5,184.0.0.0/6]
> any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets
> 2"; classtype:bad-unknown;
> reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type
> limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)

There's really no need for tr nor sed in awk since it has sub().

#!/usr/bin/awk -f
BEGIN {
        # Each ";"-terminated rule option becomes one record.
        RS = ";"
}
$1 ~ /^sid:/ {
        # Strip leading whitespace, then print the "sid:NNN" record.
        sub(/^[[:space:]]*/,"")
        print
}

If you want to get other fields, making it into a function won't be
comfortable. You'd be better off using perl or lua in that case.

Andres
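
Added example, not part of the original message or of any project's code: it goes beyond the single sid field above and pulls several rule options out in a fixed order, as the original question asked, using split() per line instead of RS. The names rule_fields and sample_rules are hypothetical; it assumes one rule per line and that a semicolon inside msg is written as \;.

```shell
#!/bin/sh
# Added example (not from the thread): print sid, rev, classtype and msg as
# tab-separated columns, in that fixed order, for each rule read on stdin.
rule_fields() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank and commented-out lines
    {
        # Option block: text after the first "(" up to the final ")".
        start = index($0, "(")
        if (start == 0) next
        body = substr($0, start + 1)
        sub(/\)[ \t]*$/, "", body)

        # An escaped semicolon (\;) is data, not a separator: hide it
        # behind SUBSEP (a control character) before splitting.
        gsub(/\\;/, SUBSEP, body)

        split("", opt)                   # portable way to empty an array
        n = split(body, part, ";")
        for (i = 1; i <= n; i++) {
            p = part[i]
            sub(/^[ \t]+/, "", p)
            c = index(p, ":")            # first colon ends the keyword
            if (c == 0) continue         # empty piece or a flag option
            key = substr(p, 1, c - 1)
            val = substr(p, c + 1)
            sub(/^[ \t]+/, "", val)
            gsub(SUBSEP, ";", val)       # restore hidden semicolons
            if (!(key in opt)) opt[key] = val   # first occurrence wins
        }
        if (!("sid" in opt)) next        # no sid: nothing to report
        msg = opt["msg"]
        sub(/^"/, "", msg); sub(/"$/, "", msg)  # drop surrounding quotes
        printf "%s\t%s\t%s\t%s\n", opt["sid"], opt["rev"], opt["classtype"], msg
    }'
}

# Constructed input: the rule quoted in the thread joined onto one line, and
# a made-up local rule (sid 1000001) whose msg holds an escaped semicolon.
sample_rules() {
    cat <<'EOF'
alert ip [50.0.0.0/8,100.0.0.0/6,104.0.0.0/5,112.0.0.0/6,173.0.0.0/8,174.0.0.0/7,176.0.0.0/5,184.0.0.0/6] any -> $HOME_NET any (msg:"ET POLICY Reserved IP Space Traffic - Bogon Nets 2"; classtype:bad-unknown; reference:url,www.cymru.com/Documents/bogon-list.html; threshold: type limit, track by_src, count 1, seconds 360; sid:2002750; rev:10;)
alert tcp any any -> $HOME_NET 80 (msg:"LOCAL test\; constructed rule"; classtype:misc-activity; sid:1000001; rev:1;)
EOF
}

sample_rules | rule_fields
```

Splitting on a bare ";" (whether through RS or split()) would cut the second rule's msg in two, which is why the escaped form is hidden first.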