HPE Community
Operating System - HP-UX
1834935 Members
2367 Online
110071 Solutions
New Discussion

Re: Help parsing file

 
Sean OB_1
Honored Contributor

‎07-30-2004 06:41 AM

‎07-30-2004 06:41 AM

Help parsing file

I have a file with info like this in it:

Interesting ports on mke1qdhe06.corp.fortishealth.com (165.245.247.239)
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1027/tcp open IIS
1494/tcp open citrix-ica
3372/tcp open msdtc
3389/tcp open ms-term-serv
8080/tcp open http-proxy
8081/tcp open blackice-icecap
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP OS
details: Microsoft Windows Millennium Edition (Me), Windows 2000 Pro


Each machine has a block like this. I need to parse out the IP address of the server, but only if it is a Windows server.

Any ideas?
TIA and points for all responses.

Sean
0 Kudos
Reply
9 REPLIES 9
Pete Randall
Outstanding Contributor

‎07-30-2004 06:53 AM

‎07-30-2004 06:53 AM

Re: Help parsing file

Sean,

Here's an idea from "Handy One-Liners for Sed" (attached).

# print 1 line of context before and after regexp, with line number
# indicating where the regexp occurred (similar to "grep -A1 -B1")
sed -n -e '/regexp/{=;x;1!p;g;$!N;p;D;}' -e h

I believe you could alter that to print the IP address line.


Pete

Pete
0 Kudos
Reply
RAC_1
Honored Contributor

‎07-30-2004 06:55 AM

‎07-30-2004 06:55 AM

Re: Help parsing file

cat file | grep "Interesting ports on" | awk -F " " '{print $NF, " "}' >> /tmp/host.txt
cat file|grep "Running" |awk -F ":" '{print $2}' >> /tmp/os.txt

paste /tmp/os.txt /tmp/host.txt > /tmp/final.txt
awk -F " " '{if ($1==Microsoft) print}' /tmp/final.txt

Anil

There is no substitute to HARDWORK
0 Kudos
Reply
Sean OB_1
Honored Contributor

‎07-30-2004 07:08 AM

‎07-30-2004 07:08 AM

Re: Help parsing file

Pete,

How would that work since the IP line could vary in the number of lines away from the server line?
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎07-30-2004 07:12 AM

‎07-30-2004 07:12 AM

Re: Help parsing file

Sean,

Sorry, I assumed that it would be consistent - if it's not, that idea won't work.


Pete

Pete
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎07-30-2004 07:12 AM

‎07-30-2004 07:12 AM

Re: Help parsing file

How about with perl-

perl -n -e '/^Interesting ports on (\S+)\s+(\d+\.\d+\.\d+)/ && do { $mach=$1; $ip=$2; }; /^Running.*Windows/i && do { print "$ip $mach\n";' yourinputfile.txt

HTH

-- Rod Hills
There be dragons...
0 Kudos
Reply
curt larson_1
Honored Contributor

‎07-30-2004 09:45 AM

‎07-30-2004 09:45 AM

Re: Help parsing file

cat yourfile |
awk '
/^Interesting/ {mach=$4;ip=$5;next;}
/^Running/ { if ( $0 ~ "[W,w]indows" )
print $4 " " $5;}'
0 Kudos
Reply
curt larson_1
Honored Contributor

‎07-30-2004 09:59 AM

‎07-30-2004 09:59 AM

Re: Help parsing file

oops

i hope you caught that
/^Running/ { if ( $0 ~ "[W,w]indows" )
print $4 " " $5;}'

should have been
/^Running/ { if ( $0 ~ "[W,w]indows" )
print mach " " ip;}'
0 Kudos
Reply
D Block 2
Respected Contributor

‎07-30-2004 03:55 PM

‎07-30-2004 03:55 PM

Re: Help parsing file

Sean,

is there anyway you can create the output file different format without the Block of fields ? How about merging into a long record with a field separator ?

how about columns separated with | instead of '\n'. I'm thinking a simple:

IFS=|
egrep -i 'running:Micro' FILE-NAME | cut -f1

record sample follows:
mke1qdhe06.corp.fortishealth.com (165.245.247.239)|(The 1650 ports scanned but not shown below are in state: closed)|PORT STATE SERVICE|135/tcp open msrpc|139/tcp open netbios-ssn|445/tcp open microsoft-ds|1027/tcp open IIS|1494/tcp open citrix-ica|3372/tcp open msdtc


Golf is a Good Walk Spoiled, Mark Twain.
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎07-30-2004 08:26 PM

‎07-30-2004 08:26 PM

Re: Help parsing file

We can do it with awk program as,

Get the IP-Address first and check weather Running: Microsoft keyword is there or not. IF so print ip ( wiht () ) else none


awk '{ if ( $1 == "Interesting" && $2 == "ports" ) ip=$5
if ( $1 == "Running:" && $2 == "Microsoft" ) test=1 }
END { if ( test == 1) print ip }' tst.log | tr -d '()'

Your output will be ..,
165.245.247.239

Regards
Muthu

Easy to suggest when don't know about the problem!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.