A log file has lots of data and is sorted based on data and time. The size of each log may vary in size.
I want to search for specific pattern in log file and if the pattern matches, it should display that particular log on the screen.
Any shell commands would be appreciable.
Log file example:-
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
Here if I search for particular ip address 192.189.52.200. It should display whole event log correspondingly like,
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF -
This requires GNU AWK (gawk) because of using a regex for the record separator (RS).
#!/usr/bin/awk -f
BEGIN {
pattern = ARGV[1]
delete ARGV[1]
# could use --re-interval
d = "[0-9]"
RS = d d "/" d d "/" d d d d " " d d ":" d d ":" d d "[^\n]*\n"
}
NR > 1 && ($0 ~ pattern || rt ~ pattern) {
print rt
print $0
}
{
rt = RT # save RT for next record
}
It's not pretty, but it works.
Run it like this:
./script.awk regex logfile
Examples:
$ ./script.awk 'C0BD|012D' logfile
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
$ ./script.awk '10:24:12.323549' logfile
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
You can use -A[n] flag with grep, where n us the number of lines after the match. e.g
grep -A6 '192.189.52.200' my.log
If you have Ruby or possibility to install it, you could write a script to parse the log file and print matching entries. Here is a script that should work:
filename=ARGV[0]
regexpArg=ARGV[1]
unless filename and regexpArg
puts "Usage: #{$0} <filename> <regexp>"
exit(1)
end
dateStr='\d\d\/\d\d\/\d\d\d\d'
timeStr='[0-9:.]+'
whitespace='\s+'
regexpStr = dateStr + whitespace + timeStr + whitespace + '>[0-9.]+'
recordStart=Regexp.new(regexpStr)
records=[]
file=File.new(filename, "r")
addingToRecord = false
currentRecord = ""
file.each_line { |line|
match = recordStart.match(line)
if addingToRecord
if match
records.push(currentRecord)
currentRecord = line
else
currentRecord += line
end
else
if match
addingToRecord = true
currentRecord = line
end
end
}
file.close
regexp=Regexp.new(regexpArg)
records.each { |r|
if regexp.match(r)
puts "----------------------------------------"
puts r
puts "----------------------------------------"
end
}
Related
I am having trouble with the command in title
[user ~]$ git init --bare $HOME/.git
[user ~]$ git --git-dir="$HOME/.git/" --work-tree="$HOME" status
bash: git --git-dir=/home/user/.git/ --work-tree=/home/user: No such file or directory
This happens on a particular linux machine - another one running same distro with X11 instead of Wayland executes this line just fine.
I have already tried re-installing git without success.
Any help is very appreciate at this point!
You have non-breaking space instead of regular space between your command and its parameters:
$ od -a <<EOF
[user ~]$ git --git-dir="$HOME/.git/" --work-tree="$HOME" status
EOF
0000000 [ u s e r sp ~ ] $ sp g i t B sp -
0000020 - g i t - d i r = " / h o m e /
0000040 k n i t t l / . g i t / " B sp -
0000060 - w o r k - t r e e = " / h o m
0000100 e / k n i t t l " sp s t a t u s
0000120 nl
0000121
That B sp should be only sp.
You can also use xxd to get a hex dump:
$ xxd <<EOF
[user ~]$ git --git-dir="$HOME/.git/" --work-tree="$HOME" status
EOF
00000000: 5b75 7365 7220 7e5d 2420 6769 74c2 a02d [user ~]$ git..-
00000010: 2d67 6974 2d64 6972 3d22 2f68 6f6d 652f -git-dir="/home/
00000020: 6b6e 6974 746c 2f2e 6769 742f 22c2 a02d knittl/.git/"..-
00000030: 2d77 6f72 6b2d 7472 6565 3d22 2f68 6f6d -work-tree="/hom
00000040: 652f 6b6e 6974 746c 2220 7374 6174 7573 e/knittl" status
00000050: 0a
As you can see, there are two bytes between the command and its arguments: c2 a0 (non-breaking space), but it should be 20 (space).
Your command must be:
[user ~]$ git --git-dir="$HOME/.git/" --work-tree="$HOME" status
but you have:
[user ~]$ git --git-dir="$HOME/.git/" --work-tree="$HOME" status
Can you spot the difference? :)
I have an annoying problem with zip and zipnote programs (both in 3.0 version) in my Debian stable platform.
I wish to create a zip archive storing (not compressing) data from standard input, without extra attributes/fields, and giving a name to the resulting file inside the zip file.
My first try was
printf "foodata" | zip -X0 bar.zip -
printf "# -\n#=foofile\n" | zipnote -w bar.zip
where zip create a bar.zip archive, with a stored file "-" containing "foodata", and zipnote rename the file from "-" to "foofile".
First problem (solved): zip, as we can see from zipdetails
001E Filename '-'
001F Extra ID #0001 0001 'ZIP64'
0021 Length 0010
0023 Uncompressed Size 0000000000000007
002B Compressed Size 0000000000000007
receiving data from standard input, doesn't know the size of the resulting file so create a PKZIP 4.5 compatible zip archive (that can exceed 4 GB) using Zip64 extension and adding a Zip64 extra attribute to the file.
And the -X option remove extrafile attributes but doesn't remove the Zip64 extra field.
This problem is easily solvable adding the -fz- option, as stated in zip man page
// .................................VVVV
printf "foodata" | zip -X0 -fz- bar.zip -
Now bar.zip is a PKZIP 2 compatible file and there isn't the Zip64 extra field.
Second problem (not solved): zipnote change the name of the contained file and add the Zip64 field to the file.
I don't know why.
According the zip man page
zip removes the Zip64 extensions if not needed when archive entries are copied (see the -U (--copy) option).
So I understand that
zip bar.zip --out bar-corrected.zip
should create a new bar-corrected.zip archive where the file foofile isZip64free (thefoofileis very short so theZip64` extension isn't needed, I presume).
Unfortunately, this doesn't works: I get the warning
copying: foofile
zip warning: Local Version Needed To Extract does not match CD: foofile
and the resulting file maintain the Zip64 extension.
And seems that doesn't works explicating the filename or adding the -fz- option: I've tried a lot o combinations but (maybe is my fault) without success.
Questions:
(1) can I avoid (and how) that zipnote, changing the name of a file, add the Zip64 fields to it?
(2) otherwise, how can I use zip (with --copy? with -fz-?) to create a new zip archive Zip64 extension free?
[Edit: Updated to use Store rather than Deflate]
Not sure how to achieve what you want with zip and zipnote, but here is an alternative.
echo abc | perl -MIO::Compress::Zip=zip -e ' zip "-" => "out.zip", Method => 0, Name => "member.txt" '
$ unzip -lv out.zip
Archive: out.zip
Length Method Size Cmpr Date Time CRC-32 Name
-------- ------ ------- ---- ---------- ----- -------- ----
4 Stored 4 0% 2019-10-10 21:54 4788814e member.txt
-------- ------- --- -------
4 4 0% 1 file
No Zip64 or extra attributes are present in the zip file.
$ zipdetails out.zip
0000 LOCAL HEADER #1 04034B50
0004 Extract Zip Spec 14 '2.0'
0005 Extract OS 00 'MS-DOS'
0006 General Purpose Flag 0008
[Bit 3] 1 'Streamed'
0008 Compression Method 0000 'Stored'
000A Last Mod Time 4F4AAECA 'Thu Oct 10 21:54:20 2019'
000E CRC 00000000
0012 Compressed Length 00000000
0016 Uncompressed Length 00000000
001A Filename Length 000A
001C Extra Length 0000
001E Filename 'member.txt'
0028 PAYLOAD abc.
002C STREAMING DATA HEADER 08074B50
0030 CRC 4788814E
0034 Compressed Length 00000004
0038 Uncompressed Length 00000004
003C CENTRAL HEADER #1 02014B50
0040 Created Zip Spec 14 '2.0'
0041 Created OS 03 'Unix'
0042 Extract Zip Spec 14 '2.0'
0043 Extract OS 00 'MS-DOS'
0044 General Purpose Flag 0008
[Bit 3] 1 'Streamed'
0046 Compression Method 0000 'Stored'
0048 Last Mod Time 4F4AAECA 'Thu Oct 10 21:54:20 2019'
004C CRC 4788814E
0050 Compressed Length 00000004
0054 Uncompressed Length 00000004
0058 Filename Length 000A
005A Extra Length 0000
005C Comment Length 0000
005E Disk Start 0000
0060 Int File Attributes 0000
[Bit 0] 0 'Binary Data'
0062 Ext File Attributes 81A40000
0066 Local Header Offset 00000000
006A Filename 'member.txt'
0074 END CENTRAL HEADER 06054B50
0078 Number of this disk 0000
007A Central Dir Disk no 0000
007C Entries in this disk 0001
007E Total Entries 0001
0080 Size of Central Dir 00000038
0084 Offset to Central Dir 0000003C
0088 Comment Length 0000
Done
Created a simple script that wraps the previous answer. See streamzip
Usage is
printf "foodata" | streamzip -method=store -member-name=foofile -zipfile=/tmp/bar.zip
This is what unzip thinks is in the zip file
unzip -lv /tmp/bar.zip
Archive: /tmp/bar.zip
Length Method Size Cmpr Date Time CRC-32 Name
-------- ------ ------- ---- ---------- ----- -------- ----
7 Stored 7 0% 2019-10-15 20:25 1b7dd7cd foofile
-------- ------- --- -------
7 7 0% 1 file
With od -N 64 -i mpich
on Ubuntu 14.04 I have
0000000 1135000353 1135000810 1135005924 1135016843
0000020 1135027542 1135036186 1135041461 1135041331
0000040 1135043045 1135052773 1135063618 1135067789
0000060 1135064934 1135052521 1135033974 1135019865
0000100
How to convert these decimal shorts into ascii?
To show "these" decimals:
perl -ane 'shift #F; print map {pack "l",$_ } #F' <<EOS | od -c
0000000 1135000353 1135000810 1135005924 1135016843
0000020 1135027542 1135036186 1135041461 1135041331
0000040 1135043045 1135052773 1135063618 1135067789
0000060 1135064934 1135052521 1135033974 1135019865
0000100
EOS
I have trouble compiling my assembly code.
gcc returns: func_select.s:5: Error: invalid character (0xe2) in mnemonic
func_select.s:7: Error: invalid character (0xe2) in mnemonic
here is the code (lines 5-7):
secondStringLength: .string " second pstring length: %d\n"
OldChar: .string "old char: %c,"
NewChar: .string " new char: %c,"
How can I fix this?
Remove the formatting characters embedded in the text.
$ charinfo 'secondStringLength:.string " second pstring length: %d\n"'
U+0073 LATIN SMALL LETTER S [Ll]
U+0065 LATIN SMALL LETTER E [Ll]
...
U+0068 LATIN SMALL LETTER H [Ll]
U+003A COLON [Po]
U+202B RIGHT-TO-LEFT EMBEDDING [Cf]
U+202A LEFT-TO-RIGHT EMBEDDING [Cf]
U+002E FULL STOP [Po]
U+0073 LATIN SMALL LETTER S [Ll]
...
U+0025 PERCENT SIGN [Po]
U+0064 LATIN SMALL LETTER D [Ll]
U+202C POP DIRECTIONAL FORMATTING [Cf]
U+202C POP DIRECTIONAL FORMATTING [Cf]
U+005C REVERSE SOLIDUS [Po]
U+006E LATIN SMALL LETTER N [Ll]
U+0022 QUOTATION MARK [Po]
Igancio Vazquez-Abrams is right. To provide more detail, according to xxd this is your first line:
$ cat b | xxd
00000000: 7365 636f 6e64 5374 7269 6e67 4c65 6e67 secondStringLeng
00000010: 7468 3a20 2020 2020 e280 abe2 80aa 2e73 th: .......s
00000020: 7472 696e 6720 2220 7365 636f 6e64 2070 tring " second p
00000030: 7374 7269 6e67 206c 656e 6774 683a 2025 string length: %
00000040: 64e2 80ac e280 ac5c 6e22 0a0a d......\n"..
Note: e2 80 ab and then e2 80 aa. These are the U+202B and U+202A mentioned earlier. Remove them (as well as the next 2 U+202C).
My web app is displaying some bizarro output (unicode characters that shouldn't be there, etc.). The best I can reckon is that somehow I introduced a bad char somewhere in the source, but I can't figure out where.
I found this answer that states I can do something like:
grep -obUaP "<\x-hex pattern>" .
When I copy the unicode char out of the browser and into my Bless hex editor, it tells me that the exact bytes of the char are:
15 03 01 EF BF BD 02 02
How can I format <\xhex pattern> to match the exact bytes that I need. I tried:
grep -obUaP "<\x-15 03 01 EF BF BD 02 02>" .
But that doesn't work. Thoughts?
Check the post again. FrOsT is not including the '<' and '>' in his actual grep command. He only used the carats to enclose an example statement. His actual statement looks like this:
"\x01\x02"
not:
"<\x01\x02>"
I have a C source file on my computer that begins with the line:
#include <stdio.h>
When I run
grep -obUaP '\x69\x6E\x63\x6C\x75\x64\x65' io.c
I get
1:include
That is, the line number followed by only the string matching the pattern.
You may want to run
man grep
and find out what all those options mean.
It may be easiest to write the pattern of hex bytes to a separate file and load that into stdin for the search.
In this example there is a file sampletext, consisting of the 256 sequential bytes and the occasional newline, and searchstring, a sequence of characters to grep for.
$ xxd sampletext
00000000: 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f ................
00000010: 0a10 1112 1314 1516 1718 191a 1b1c 1d1e ................
00000020: 1f0a 2021 2223 2425 2627 2829 2a2b 2c2d .. !"#$%&'()*+,-
00000030: 2e2f 0a30 3132 3334 3536 3738 393a 3b3c ./.0123456789:;<
00000040: 3d3e 3f0a 4041 4243 4445 4647 4849 4a4b =>?.#ABCDEFGHIJK
00000050: 4c4d 4e4f 0a50 5152 5354 5556 5758 595a LMNO.PQRSTUVWXYZ
00000060: 5b5c 5d5e 5f0a 6061 6263 6465 6667 6869 [\]^_.`abcdefghi
00000070: 6a6b 6c6d 6e6f 0a70 7172 7374 7576 7778 jklmno.pqrstuvwx
00000080: 797a 7b7c 7d7e 7f0a 8081 8283 8485 8687 yz{|}~..........
00000090: 8889 8a8b 8c8d 8e8f 0a90 9192 9394 9596 ................
000000a0: 9798 999a 9b9c 9d9e 9f0a a0a1 a2a3 a4a5 ................
000000b0: a6a7 a8a9 aaab acad aeaf 0ab0 b1b2 b3b4 ................
000000c0: b5b6 b7b8 b9ba bbbc bdbe bf0a c0c1 c2c3 ................
000000d0: c4c5 c6c7 c8c9 cacb cccd cecf 0ad0 d1d2 ................
000000e0: d3d4 d5d6 d7d8 d9da dbdc ddde df0a e0e1 ................
000000f0: e2e3 e4e5 e6e7 e8e9 eaeb eced eeef 0af0 ................
00000100: f1f2 f3f4 f5f6 f7f8 f9fa fbfc fdfe ff0a ................
$ xxd searchstring
00000000: 8081 8283 ....
By redirecting searchstring into stdin, grep can look for the bytes directly
$ grep -a "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 8485 8687 8889 8a8b 8c8d 8e8f ................
00000010: 0a .
$ grep -ao "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 0a .....