extract data from text file with linux - linux

I have file and I need to extract some data. the problem I'm facing is some line not almost the same with other lines. here is the example:
action=accept trandisp=noop srcip=1.1.1.1 dstip=2.2.2.2 service=PING proto=1 duration=61
action=accept trandisp=noop srcip=1.1.1.1 dstip=3.3.3.3 dstport=80 service=http proto=1 duration=61
I want to get the destination IP with service in the first row, and the
destination IP with dstport and service in the second line.
I'm new in linux and I tried it with grep and cut but it didn't work for me.
please help me with the explanation of your answer.

What about this one?
grep -o -P "dstip=[0-9.]+ (dstport=[0-9]+)? service=\w+ (dstport=[0-9]+)?" your-file
Explanation:
-o, --only-matching show only the part of a line matching PATTERN
-P, --perl-regexp PATTERN is a Perl regular expression
Of course, key-value order matters.

Related

Why ip_forward_use_pmtu added in the result of sysctl in linux server

So I did an OS version-up in a linux server, and was seeing if any setting has been changed.
And when I typed "sysctl -a | grep "net.ipv4.ip_forward"
The following line was added,
net.ipv4.ip_forward_use_pmtu = 0
I know that this is because this parameter is in /proc/sys.
But I think if the result of sysctl before upload did not show this line, it was not in /proc/sys before as well, right ?
I know that 0 means " this setting is not applied...So basically it does not do anything.
But why this line is added.
The question is
Is there any possible reason that can add this line?
Thank you, ahead.
Even the question itself "added in the result of sysctl in linux server" is wrong here.
sysctl in the way you invoked it, lists all the entries.
grep which you used to filter those entries "selects" matching texts, if you'd run grep foo against the list:
foo
foobar
both items would be matched. That's exactly what you see but the only difference is instead of "foo" you have "net.ipv4.ip_forward".
Using --color shows that clearly:
Pay attention to the use of fgrep instead of grep because people tend to forget that grep interprets some characters as regular expressions, and the dot . means any character, which might also lead to unexpected matches.

Does anyone know what this mean? -----> sed: -e expression #1, char 28: unknown command: `.'

\#Add another new line of text to hosts and send the output to
hosts_update.sh
sed '/localhost/a\
# Gateway
10.0.0.1 it20.it.cs.umb.edu it20
# Addresses for the Windows PCs
10.0.0.240 it21.it.cs.umb.edu it21\
10.0.0.241 it22.it.cs.umb.edu it22\
10.0.0.242 it23.it.cs.umb.edu it23\
10.0.0.243 it24.it.cs.umb.edu it24\
10.0.0.244 it25.it.cs.umb.edu it25\
10.0.0.245 it26.it.cs.umb.edu it26\
10.0.0.246 it27.it.cs.umb.edu it27\
10.0.0.247 it28.it.cs.umb.edu it28\
' hosts > hosts_update.sh
First things first, your initial couple of lines look way off for a shell script. It looks like your hosts_update.sh line should be part of the comments (and the comment shouldn't start with a \ anyway):
# Add another new line of text to hosts and send the output
# to hosts_update.sh
Secondly, you need a \ at the end of each line that you're appending with sed, at the moment you only have it on certain select lines. With that in mind, this script is probably what you wanted:
# Add another new line of text to hosts and send the output
# to hosts_update.sh
sed '/localhost/a\
\
# Gateway\
10.0.0.1 it20.it.cs.umb.edu it20\
\
# Addresses for the Windows PCs\
10.0.0.240 it21.it.cs.umb.edu it21\
10.0.0.241 it22.it.cs.umb.edu it22\
10.0.0.242 it23.it.cs.umb.edu it23\
10.0.0.243 it24.it.cs.umb.edu it24\
10.0.0.244 it25.it.cs.umb.edu it25\
10.0.0.245 it26.it.cs.umb.edu it26\
10.0.0.246 it27.it.cs.umb.edu it27\
10.0.0.247 it28.it.cs.umb.edu it28\
' hosts > hosts_update.sh
What's actually happening in your case (without the \ continuation characters):
sed '/localhost/a\
# Gateway
10.0.0.1 it20.it.cs.umb.edu it20
is that:
you append a single blank line after localhost;
then you have a sed comment line;
then you tell sed to execute . on line number ten.
At that point, sed rightly complains it has no idea what to do with the . command :-)
I'd say, based on experience, an earlier (working) iteration of the script had only the it21-28 lines and someone added (badly) the it20 and comment/blank lines. That's based on the fact only those lines are the errant ones. However, that's just (informed) speculation and doesn't affect the answer.
And, finally, you probably don't want to call the resultant file hosts_update.sh, people will almost certainly think it's a shell script rather than the hosts file it actually is.

Find entry in .netrc file via bash and delete it if exists

In bash, how do I search for the following string in a file ~/.netrc and delete that line plus the next two lines if found:
machine api.mydomain.com
Example is:
machine api.mydomain.com
user foo
password bar
It should delete all three lines, but I can't match user and password since those are unknown. The only fixed value is machine api.mydomain.com.
Try:
sed -i '' '/^machine api.mydomain.com$/{N;N;d;}' ~/.netrc
When this finds the line machine api.mydomain.com, it reads in two more lines and then deletes them all. Other lines pass through unchanged.
For GNU sed, the argument to -i is optional. For OSX (BSD) sed, the argument is required but is allowed to be empty as shown above.
Let's google it together - sed or awk: delete n lines following a pattern
So, the answer is sed -e '/machine api.mydomain.com/,+2d' ~/.netrc. Add -i flag if changes need to be done in place.

funky file name output from shell/bash?

So, im making a small script to do an entire task for me. The task is to get the output of the dmidecode -Fn into a text file and then take a part of the dmidecode output, in my example, the Address (0xE0000) as the file name of the txt.
My script goes as follows and does work, i have tested it. The only little issue that i have, is that the file name of the txt appears as "? 0xE0000.txt"
My question is, why am i getting a question mark followed by a space in the name?
#!/bin/bash
directory=$(pwd)
name=$(dmidecode|grep -i Address|sed 's/Address://')
inxi -Fn > $directory/"$name".txt
The quotes in the "$name".txt is to avoid an "ambiguous redirect" error i got when running the script.
Update #Just Somebody
root#server:/home/user/Desktop# dmidecode | sed -n 's/Address://p'
0xE0000
root#server:/home/user/Desktop#
Solution
The use of |sed -n 's/^.*Address:.*0x/0x/p' got rid of the "? " in 0xE0000.txt
A big thanks to everyone!
You've got a nonprinting char in there. Try:
dmidecode |grep -i Address|sed 's/Address://'| od -c
to see exactly what you're getting.
UPDATE: comments indicate there's a tab char in there that needs to be cleaned out.
UPDATE 2: the leading tab is before the word Address. Try:
name=$(dmidecode |grep -i Address|sed 's/^.*Address:.*0x/0x/')
or as #just_somebody points out:
name=$(dmidecode|sed -n 's/^.*Address:.*0x/0x/p')
UPDATE 3
This changes the substitution regex to replace
^ (start of line) followed by .* (any characters (including tab!)) followed by Address: followed by .* (any characters (including space!)) followed by 0x (which are always at the beginning of the address since it's in hex)
with
0x (because you want that as part of the result)
If you want to learn more, read about sed regular expressions and substitutions.

sed not replacing a full sentence

ssh root#$IP sed -i -e 's/listen\t80\default_server;/test/' /etc/nginx/conf.d/default.conf is there something I am not doing correctly?
I am doing to learn how to use sed - but I think the greatest route for making a general configuration across multiple server is to upload the conf file? Any input would be appreciated, thanks!
It appears that you are missing a tab:
listen\t80\tdefault_server
If it was me, I'd replace the tab pattern with general whitespace pattern to allow a little flexibility:
listen\s\+80\s\+default_server
or
listen[[:space:]]\+80[[:space:]]\+default_server

Resources