How to grep for presence of specific hex bytes in files? - linux

My web app is displaying some bizarro output (unicode characters that shouldn't be there, etc.). The best I can reckon is that somehow I introduced a bad char somewhere in the source, but I can't figure out where.
I found this answer that states I can do something like:
grep -obUaP "<\x-hex pattern>" .
When I copy the unicode char out of the browser and into my Bless hex editor, it tells me that the exact bytes of the char are:
15 03 01 EF BF BD 02 02
How can I format <\xhex pattern> to match the exact bytes that I need? I tried:
grep -obUaP "<\x-15 03 01 EF BF BD 02 02>" .
But that doesn't work. Thoughts?

Check the post again. FrOsT is not including the '<' and '>' in his actual grep command. He only used the carets to enclose an example statement. His actual statement looks like this:
"\x01\x02"
not:
"<\x01\x02>"
I have a C source file on my computer that begins with the line:
#include <stdio.h>
When I run
grep -obUaP '\x69\x6E\x63\x6C\x75\x64\x65' io.c
I get
1:include
That is, the line number followed by only the string matching the pattern.
You may want to run
man grep
and find out what all those options mean.

It may be easiest to write the pattern of hex bytes to a separate file and load that into stdin for the search.
In this example there is a file sampletext, consisting of the 256 sequential bytes and the occasional newline, and searchstring, a sequence of characters to grep for.
$ xxd sampletext
00000000: 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f ................
00000010: 0a10 1112 1314 1516 1718 191a 1b1c 1d1e ................
00000020: 1f0a 2021 2223 2425 2627 2829 2a2b 2c2d .. !"#$%&'()*+,-
00000030: 2e2f 0a30 3132 3334 3536 3738 393a 3b3c ./.0123456789:;<
00000040: 3d3e 3f0a 4041 4243 4445 4647 4849 4a4b =>?.@ABCDEFGHIJK
00000050: 4c4d 4e4f 0a50 5152 5354 5556 5758 595a LMNO.PQRSTUVWXYZ
00000060: 5b5c 5d5e 5f0a 6061 6263 6465 6667 6869 [\]^_.`abcdefghi
00000070: 6a6b 6c6d 6e6f 0a70 7172 7374 7576 7778 jklmno.pqrstuvwx
00000080: 797a 7b7c 7d7e 7f0a 8081 8283 8485 8687 yz{|}~..........
00000090: 8889 8a8b 8c8d 8e8f 0a90 9192 9394 9596 ................
000000a0: 9798 999a 9b9c 9d9e 9f0a a0a1 a2a3 a4a5 ................
000000b0: a6a7 a8a9 aaab acad aeaf 0ab0 b1b2 b3b4 ................
000000c0: b5b6 b7b8 b9ba bbbc bdbe bf0a c0c1 c2c3 ................
000000d0: c4c5 c6c7 c8c9 cacb cccd cecf 0ad0 d1d2 ................
000000e0: d3d4 d5d6 d7d8 d9da dbdc ddde df0a e0e1 ................
000000f0: e2e3 e4e5 e6e7 e8e9 eaeb eced eeef 0af0 ................
00000100: f1f2 f3f4 f5f6 f7f8 f9fa fbfc fdfe ff0a ................
$ xxd searchstring
00000000: 8081 8283 ....
By redirecting searchstring into stdin, grep can look for the bytes directly.
$ grep -a "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 8485 8687 8889 8a8b 8c8d 8e8f ................
00000010: 0a .
$ grep -ao "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 0a .....
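
Added example (not part of the original question or answers): a helper that turns a byte listing copied from a hex editor, such as the 15 03 01 EF BF BD 02 02 above, into the \xHH pattern that grep -P expects and reports the file and byte offset of each hit. The names hex_to_pattern and find_bytes and the sample file are constructed for illustration; GNU grep with -P support is assumed.

```bash
#!/usr/bin/env bash
# Added example: search files for an exact byte sequence copied from a hex editor.

# hex_to_pattern "15 03 01 EF" -> \x15\x03\x01\xEF  (no angle brackets, no spaces)
hex_to_pattern() {
    local out="" b
    for b in $1; do
        # Accept exactly two hex digits per byte; reject anything else.
        case "$b" in
            [0-9A-Fa-f][0-9A-Fa-f]) out="${out}\\x${b}" ;;
            *) echo "not a hex byte: $b" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$out"
}

# find_bytes "<hex bytes>" <path>...  -> one "file:byte-offset" line per match
find_bytes() {
    local pat
    pat=$(hex_to_pattern "$1") || return 2
    shift
    # LC_ALL=C makes \xHH match one raw byte; in a UTF-8 locale grep -P
    # treats \xEF as code point U+00EF rather than the byte EF.
    # -r recurse, -H file name, -o only the match, -b byte offset,
    # -a treat binary as text, -U as in the command quoted in the question.
    # A sequence containing 0A cannot match: grep works line by line.
    LC_ALL=C grep -rHobUaP -- "$pat" "$@" | LC_ALL=C cut -d: -f1,2
}

# Constructed sample: the question's eight bytes embedded in an HTML line.
demo=$(mktemp -d)
printf '<p>\025\003\001\357\277\275\002\002</p>\n' > "$demo/page.html"
find_bytes "15 03 01 EF BF BD 02 02" "$demo"
rm -rf "$demo"
```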

Related

node.js websocket client can't connect to server code: 'ECONNRESET'

When I was using ws npm package, I could use the same computer to create Server and connect client to the server.
But when I use client to connect to another websocket server,
I always get the below-mentioned error. server and client are in the same intranet.
I can make sure that this server could work because I use JavaScript to connect to it.
I'm using node.js version v16.10.0
error: Error: socket hang up
at connResetException (node:internal/errors:691:14)
at Socket.socketOnEnd (node:_http_client:471:23)
at Socket.emit (node:events:402:35)
at endReadableNT (node:internal/streams/readable:1343:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ECONNRESET'
}
Does anybody know why or have any idea?
Here is the client code
import WebSocket from 'ws';
import dotenv from 'dotenv';
dotenv.config();
const ws = new WebSocket('ws://192.168.1.111:9000');
const object = { "message": "config_get" };
const data = JSON.stringify(object);
ws.on('error', (err) => console.log('error:', err));
ws.on('open', function open() {
  console.log('success');
});
ws.on('message', function incoming(message) {
  console.log(`Server: ${message}`);
});
I know it's a bit late to answer the issue you had, but anyway I hope my solution might help someone, or help you if you still need help and did not dump WebSocket aside!
I had the same issue as you with ws
Error: socket hang up
at connResetException (node:internal/errors:691:14)
at Socket.socketOnEnd (node:_http_client:466:23)
at Socket.emit (node:events:532:35)
at Socket.emit (node:domain:475:12)
at endReadableNT (node:internal/streams/readable:1346:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ECONNRESET'
}
for a simple code as:
const ws_session = new WebSocket(proto + '://' + data.ipAddress+":"+data.port);
ws_session.on('open', function open() {
  console.log('something');
});
ws_session.on('error', function open() {
  console.log('error');
});
ws_session.on('message', function message(data) {
  console.log('received: %s', data);
});
I have tried nodejs-websocket and it worked fine!
var options = {extraHeaders: {"origin": "Test"}};
var ws_session = new WebSocket.connect(proto + '://' + data.ipAddress+":"+data.port + '/', options);
ws_session.on('connect', function () {
  console.log("### Connected WS");
});
ws_session.on('text', function (msg) {
  console.log(msg);
})
So for me the issue was mainly caused by the origin field, which was missing in the GET HTTP/1.1. To have a WebSocket client working correctly with ws, just add the origin field like this:
const ws_session = new WebSocket(proto + '://' + data.ipAddress+":"+data.port + '/', {
  origin:"Test"
});
A tcpdump of successful connection in case it might help.
tcpdump -i any -s 0 -v -XX -n '(host 10.181.18.224) and (port 9001)'

How to keep ^M when creating a new file?

There is a ^M at the end of every line in my file target.html.
^M happens to be the way vim displays 0xD; \r\n is used for a new line in Windows.
head -n 10 target.html > new.html
vim new.html, then set list for new.html.
Why is no ^M kept in the new.html file?
file target.html
target.html: HTML document, ISO-8859 text, with CRLF, LF line terminators
file new.html
new.html: HTML document, ASCII text, with CRLF line terminators
It confuses me that the ending in new.html is 0d0a for every line; why is no ^M displayed when I open it with my vim?
xxd new.html
00000000: 3c68 746d 6c20 786d 6c6e 733a 763d 2275 <html xmlns:v="u
00000010: 726e 3a73 6368 656d 6173 2d6d 6963 726f rn:schemas-micro
00000020: 736f 6674 2d63 6f6d 3a76 6d6c 220d 0a78 soft-com:vml"..x
00000030: 6d6c 6e73 3a6f 3d22 7572 6e3a 7363 6865 mlns:o="urn:sche
00000040: 6d61 732d 6d69 6372 6f73 6f66 742d 636f mas-microsoft-co
00000050: 6d3a 6f66 6669 6365 3a6f 6666 6963 6522 m:office:office"
00000060: 0d0a 786d 6c6e 733a 773d 2275 726e 3a73 ..xmlns:w="urn:s
00000070: 6368 656d 6173 2d6d 6963 726f 736f 6674 chemas-microsoft
00000080: 2d63 6f6d 3a6f 6666 6963 653a 776f 7264 -com:office:word
00000090: 220d 0a78 6d6c 6e73 3a6d 3d22 6874 7470 "..xmlns:m="http
000000a0: 3a2f 2f73 6368 656d 6173 2e6d 6963 726f ://schemas.micro
000000b0: 736f 6674 2e63 6f6d 2f6f 6666 6963 652f soft.com/office/
000000c0: 3230 3034 2f31 322f 6f6d 6d6c 220d 0a78 2004/12/omml"..x
000000d0: 6d6c 6e73 3d22 6874 7470 3a2f 2f77 7777 mlns="http://www
000000e0: 2e77 332e 6f72 672f 5452 2f52 4543 2d68 .w3.org/TR/REC-h
000000f0: 746d 6c34 3022 3e0d 0a0d 0a3c 6865 6164 tml40">....<head
00000100: 3e0d 0a3c 6d65 7461 2068 7474 702d 6571 >..<meta http-eq
00000110: 7569 763d 436f 6e74 656e 742d 5479 7065 uiv=Content-Type
00000120: 2063 6f6e 7465 6e74 3d22 7465 7874 2f68 content="text/h
00000130: 746d 6c3b 2063 6861 7273 6574 3d67 6232 tml; charset=gb2
00000140: 3331 3222 3e0d 0a3c 6d65 7461 206e 616d 312">..<meta nam
00000150: 653d 5072 6f67 4964 2063 6f6e 7465 6e74 e=ProgId content
00000160: 3d57 6f72 642e 446f 6375 6d65 6e74 3e0d =Word.Document>.
00000170: 0a3c 6d65 7461 206e 616d 653d 4765 6e65 .<meta name=Gene
00000180: 7261 746f 7220 636f 6e74 656e 743d 224d rator content="M
00000190: 6963 726f 736f 6674 2057 6f72 6420 3132 icrosoft Word 12
000001a0: 223e 0d0a ">..
Thanks to Amadan, some lines ended with only LF in my target.html.
target.html: HTML document, ISO-8859 text, with CRLF, LF line terminators
This is the clue. It seems your target.html has a mix of CRLF endings and LF endings. This confuses Vim, and makes it determine that fileformat=unix and displays ^M as a character that happens to be at the end of the line.
new.html: HTML document, ASCII text, with CRLF line terminators
When you cut the top 10 lines, it so happens that all of them have CRLF ending. Vim happily concludes "this should be a DOS file!", sets ff=dos and doesn't display the ^M to you, as it's now part of the line terminator.
Just like you can check what file thinks, you can check what Vim thinks about it using :set ff?
By the way, you can find the offending line (the one that uses LF instead of CRLF) using /^M\@<!$ (where ^M is Ctrl-V Enter).

How to convert decimal short output?

With od -N 64 -i mpich
on Ubuntu 14.04 I have
0000000 1135000353 1135000810 1135005924 1135016843
0000020 1135027542 1135036186 1135041461 1135041331
0000040 1135043045 1135052773 1135063618 1135067789
0000060 1135064934 1135052521 1135033974 1135019865
0000100
How to convert these decimal shorts into ascii?
To show "these" decimals:
perl -ane 'shift @F; print map {pack "l",$_ } @F' <<EOS | od -c
0000000 1135000353 1135000810 1135005924 1135016843
0000020 1135027542 1135036186 1135041461 1135041331
0000040 1135043045 1135052773 1135063618 1135067789
0000060 1135064934 1135052521 1135033974 1135019865
0000100
EOS

Invalid character (0xe2) in mnemonic

I have trouble compiling my assembly code.
gcc returns: func_select.s:5: Error: invalid character (0xe2) in mnemonic
func_select.s:7: Error: invalid character (0xe2) in mnemonic
here is the code (lines 5-7):
secondStringLength: ‫‪.string " second pstring length: %d‬‬\n"
OldChar: .string "‫‪old char: %c,‬‬"
NewChar: ‫‪.string " new char: %c,‬‬"
How can I fix this?
Remove the formatting characters embedded in the text.
$ charinfo 'secondStringLength:‫‪.string " second pstring length: %d‬‬\n"'
U+0073 LATIN SMALL LETTER S [Ll]
U+0065 LATIN SMALL LETTER E [Ll]
...
U+0068 LATIN SMALL LETTER H [Ll]
U+003A COLON [Po]
U+202B RIGHT-TO-LEFT EMBEDDING [Cf]
U+202A LEFT-TO-RIGHT EMBEDDING [Cf]
U+002E FULL STOP [Po]
U+0073 LATIN SMALL LETTER S [Ll]
...
U+0025 PERCENT SIGN [Po]
U+0064 LATIN SMALL LETTER D [Ll]
U+202C POP DIRECTIONAL FORMATTING [Cf]
U+202C POP DIRECTIONAL FORMATTING [Cf]
U+005C REVERSE SOLIDUS [Po]
U+006E LATIN SMALL LETTER N [Ll]
U+0022 QUOTATION MARK [Po]
Ignacio Vazquez-Abrams is right. To provide more detail, according to xxd this is your first line:
$ cat b | xxd
00000000: 7365 636f 6e64 5374 7269 6e67 4c65 6e67 secondStringLeng
00000010: 7468 3a20 2020 2020 e280 abe2 80aa 2e73 th: .......s
00000020: 7472 696e 6720 2220 7365 636f 6e64 2070 tring " second p
00000030: 7374 7269 6e67 206c 656e 6774 683a 2025 string length: %
00000040: 64e2 80ac e280 ac5c 6e22 0a0a d......\n"..
Note: e2 80 ab and then e2 80 aa. These are the U+202B and U+202A mentioned earlier. Remove them (as well as the next 2 U+202C).
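
Added example (not from the original answers): locating and stripping the directional formatting characters identified above by their UTF-8 byte sequences. It goes beyond U+202A, U+202B and U+202C to cover the rest of that range (U+202D, U+202E) and the isolate controls U+2066 to U+2069; list_bidi, strip_bidi and the sample file are constructed names, and GNU grep -P and GNU sed are assumed.

```bash
#!/usr/bin/env bash
# Added example: find and remove Unicode bidi formatting controls in source files.

# UTF-8 encodings, matched as raw bytes:
#   U+202A..U+202E -> E2 80 AA..AE  (includes the U+202A/U+202B/U+202C shown above)
#   U+2066..U+2069 -> E2 81 A6..A9  (isolate controls; added generalization)
BIDI_RE='\xE2(\x80[\xAA-\xAE]|\x81[\xA6-\xA9])'

# list_bidi <path>...: print "file:line" for every line holding such a character
list_bidi() {
    # LC_ALL=C so that \xHH is a single byte, not a code point
    LC_ALL=C grep -rHnaP -- "$BIDI_RE" "$@" | LC_ALL=C cut -d: -f1,2
}

# strip_bidi <file>: write a cleaned copy to stdout; the original is untouched
strip_bidi() {
    LC_ALL=C sed -e 's/\xE2\x80[\xAA-\xAE]//g' \
                 -e 's/\xE2\x81[\xA6-\xA9]//g' -- "$1"
}

# Constructed sample modelled on the question's func_select.s:
# line 1 is clean, line 2 carries RLE, LRE and two PDF characters.
demo=$(mktemp -d)
printf 'OldChar: .string "old char: %%c,"\n' > "$demo/func_select.s"
printf 'NewChar: \342\200\253\342\200\252.string " new char: %%c,\342\200\254\342\200\254"\n' \
    >> "$demo/func_select.s"
list_bidi "$demo/func_select.s"                      # reports the second line
strip_bidi "$demo/func_select.s" > "$demo/clean.s"
list_bidi "$demo/clean.s"                            # reports nothing
rm -rf "$demo"
```

Because these characters are invisible in most editors and diff views, running the listing step over a source tree before review or build catches them early.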

Customize file content display based on grep pattern

A log file has lots of data and is sorted based on date and time. The size of each log may vary in size.
I want to search for a specific pattern in the log file and, if the pattern matches, it should display that particular log on the screen.
Any shell commands would be appreciated.
Log file example:-
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
Here, if I search for a particular IP address, 192.189.52.200, it should display the whole corresponding event log, like:
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF -
This requires GNU AWK (gawk) because of using a regex for the record separator (RS).
#!/usr/bin/awk -f
BEGIN {
    pattern = ARGV[1]
    delete ARGV[1]
    # could use --re-interval
    d = "[0-9]"
    RS = d d "/" d d "/" d d d d " " d d ":" d d ":" d d "[^\n]*\n"
}
NR > 1 && ($0 ~ pattern || rt ~ pattern) {
    print rt
    print $0
}
{
    rt = RT # save RT for next record
}
It's not pretty, but it works.
Run it like this:
./script.awk regex logfile
Examples:
$ ./script.awk 'C0BD|012D' logfile
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
$ ./script.awk '10:24:12.323549' logfile
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
You can use the -A[n] flag with grep, where n is the number of lines after the match, e.g.
grep -A6 '192.189.52.200' my.log
If you have Ruby or the possibility to install it, you could write a script to parse the log file and print matching entries. Here is a script that should work:
filename = ARGV[0]
regexpArg = ARGV[1]
unless filename and regexpArg
  puts "Usage: #{$0} <filename> <regexp>"
  exit(1)
end
# A record starts with a line such as: 07/17/2008 10:24:12.323411 >00.23
dateStr = '\d\d\/\d\d\/\d\d\d\d'
timeStr = '[0-9:.]+'
whitespace = '\s+'
regexpStr = dateStr + whitespace + timeStr + whitespace + '>[0-9.]+'
recordStart = Regexp.new(regexpStr)
records = []
file = File.new(filename, "r")
addingToRecord = false
currentRecord = ""
file.each_line { |line|
  match = recordStart.match(line)
  if addingToRecord
    if match
      records.push(currentRecord)
      currentRecord = line
    else
      currentRecord += line
    end
  else
    if match
      addingToRecord = true
      currentRecord = line
    end
  end
}
file.close
# The loop only pushes a record when the next one starts, so keep the final record too.
records.push(currentRecord) if addingToRecord
regexp = Regexp.new(regexpArg)
records.each { |r|
  if regexp.match(r)
    puts "----------------------------------------"
    puts r
    puts "----------------------------------------"
  end
}
