Return to Question

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? So on a large log file extract only date, time and SRC...

Sample info from log: Oct 19 21:13:00 server kernel: [ 6457.382677] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52472 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=3 Oct 19 21:13:01 server kernel: [ 6458.385884] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52719 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=4

Expected output:

Oct 19 21:13:00 SRC=192.168.0.101

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? So on a large log file extract only date, time and SRC...

Sample info from log:

Oct 19 21:13:00 server kernel: [ 6457.382677] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52472 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=3
Oct 19 21:13:01 server kernel: [ 6458.385884] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52719 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=4

Expected output:

Oct 19 21:13:00 SRC=192.168.0.101

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? This should list Source addresses from my log file but I do not know how to add the date at the beginning?

grep PROTO=TCP logfile | awk -F, '{for(i=1;i<=NF;i++){if($i=="SRC"){print $i}}}' 

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? So on a large log file extract only date, time and SRC...

Sample info from log: Oct 19 21:13:00 server kernel: [ 6457.382677] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52472 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=3 Oct 19 21:13:01 server kernel: [ 6458.385884] PING:IN=eth0 OUT= MAC=00:00:00:00:00:05:00:00:00:00:00:00:00:00 SRC=192.168.0.101 DST=192.168.0.102 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=52719 DF PROTO=ICMP TYPE=8 CODE=0 ID=2438 SEQ=4

Expected output:

Oct 19 21:13:00 SRC=192.168.0.101

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? This should list Source addresses from my log file but I do not know how to add the date at the beginning?

grep PROTO=TCP logfile | awk -F, '{for(i=1;i<=NF;i++){if($i=="SRC"){print $i}}}'

Using only grep and awk is it possible to print MMM DD HH:MM:SS plus another field (e.g. SRC) from a log file? This should list Source addresses from my log file but I do not know how to add the date at the beginning?

grep PROTO=TCP logfile | awk -F, '{for(i=1;i<=NF;i++){if($i=="SRC"){print $i}}}'