Bash - parsing

**C4N4rD** · 04-27-2010

Hi,

I want to parse a log file like this:

Code:

Date       Time     Module Level  Type Description
2010-04-20 14:18:42 system alert 00003 Multiple authentication failures have 
                                       been detected!  From 10.10.10.19                                       
                                       to 10.10.10.19, proto TCP (zone 
                                       Trust, int ethernet0/3). Occurred 1 
                                       times.
2010-04-16 16:32:39 system alert 00003 Multiple authentication failures have 
                                       been detected!  From 10.17.10.10
                                       to 10.10.10.19, proto TCP (zone 
                                       Trust, int ethernet0/3). Occurred 1 
                                       times.
[...]

To get each record in one line, like this :

Code:

2010-04-20 14:18:42 system alert 00003 Multiple authentication failures have been detected!  From 10.10.10.19 to 10.10.10.19, proto TCP (zone Trust, int ethernet0/5). Occurred 1 times.

The big problem is with the lines which begin after many spaces... I don't know how to manage them.

I tried this to delete but that's do not works because they are space and not tabulation:

Code:

tr "\t" " "

Thanks

**tpl** · 04-27-2010

you're on the right track with "tr"--here's a kludge using "AAAAAA" as a
marker, later replaced by newline. On the second line, the initial space
resists autoremoval

'file' for logfile name)

sed '1d; s/times./times.AAAAAA/' <file | tr -t \\n " " | tr -s " " | tr AAAAAA \\n | tr -s \\n

**blinky** · 04-27-2010

Code:

cat test.txt | sed 's/\s\+$//g' | \
  sed 's/^/_REC_START_/g' | \
  sed 's/_REC_START_\s\+/_SPACE_TO_REMOVE_/g' | \
  tr -d '\n' | sed 's/_SPACE_TO_REMOVE_/ /g' | \
  sed 's/_REC_START_/\n/g'

produced

Code:

Date       Time     Module Level  Type Description
2010-04-20 14:18:42 system alert 00003 Multiple authentication failures have been detected!  From 10.10.10.19 to 10.10.10.19, proto TCP (zone Trust, int ethernet0/3). Occurred 1 times.
2010-04-16 16:32:39 system alert 00003 Multiple authentication failures have been detected!  From 10.17.10.10 to 10.10.10.19, proto TCP (zone Trust, int ethernet0/3). Occurred 1 times.

Don't know if that helps.

**C4N4rD** · 04-27-2010

@tpl Thank you for you help!

@blinky That's not help, that's the solution :P Now I will do the necessary do understand your code.

Thanks guys!

**blinky** · 04-27-2010

Sorry I was in a hurry (had to take my son to football training),

First sed - remove trailing whitespace
Second sed - place _REC_START_ at start of each line
Third sed - Remove "_REC_START_ " with _SPACE_TO_REMOVE_ (sloppy could have just replaced with one space and not require forth sed)
tr - remove end of line (\n)
Forth sed - replace _SPACE_TO_REMOVE_ with single space
Last sed - replace _REC_START_ with end of line (\n)

Thread Tools

Display

Bash - parsing

Posting Permissions