Created
April 16, 2014 03:09
-
-
Save dualbus/10801960 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # read a line | |
| while IFS= read -r line; do | |
| # remove everything *after* (%%) the first space in the string | |
| # that's the date. | |
| date=${line%% *} | |
| # remove everything *before* (##) 'SRC=' from line, and put that in | |
| # line again. remove everything *after* (%%) 'PROTO=', and put that | |
| # in line. | |
| line=${line##*SRC=} line=${line%%PROTO=*} | |
| echo "\$line is now: $line" | |
| # $line now looks like: | |
| # '192.168.0.1 DST=23.62.6.43'. There's that annoying DST= in the | |
| # middle. We'll remove it. | |
| # to get src, remove everything after the first space. | |
| src=${line%% *} | |
| # to get dst, remove everything before the = sign. | |
| dst=${line##*=} | |
| echo "date $date src $src dst $dst"; | |
| done <<eof | |
| 2014-02-14T09:59:31-04:00 RouterName KERNEL [Kernel] [FIREWALL] SRC_MAC_MATCH[ACCEPT] SRC MAC = 00:11:22:33:44:55 IN=LAN OUT=WAN SRC=192.168.0.1 DST=23.62.6.43 PROTO=TCP SPT=53242 DPT=80 | |
| eof |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment