Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Aug 2008 08:25:02 -0500
From:      Martin McCormick <martin@dc.cis.okstate.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: Regular Expression Trouble 
Message-ID:  <200808271325.m7RDP28b044255@dc.cis.okstate.edu>

next in thread | raw e-mail | index | archive | help
My thanks to several people who have provided great suggestions
and an apology for not being clear on the log data I am mining
for MAC addresses. It is syslog and a typical line looks like:

Aug 26 20:45:36 dh1 dhcpd: DHCPACK on 10.198.67.116 to 00:12:f0:88:97:d6
(peaster-laptop) via 10.198.71.246 

That was one line broken to aid in emailing, but that's what
types of lines are involved. The MAC appears at different field
locations depending on the type of event being logged so awk is
perfect for certain types of lines, but it misses others and no
one awk expression gets them all.

	This is an attempt to isolate every MAC address that
appears and then sort and count them to see who is having
trouble or, in some cases, is causing trouble.

	The sed pattern matching system is interesting because I
can think of several similar situations in which the data are
there but there is no guarantee where on a given line it sits
and grep or sed usually will pull in the whole line containing
the desired data which means that one must further parse things
to get what is wanted.

Martin McCormick



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808271325.m7RDP28b044255>