cut
Brad De Vries
devriesbj
Mon May 17 11:38:04 PDT 2004
You could try the 'sed' command:
cat kernel.01 | sed -e "s/.*DPT=/DPT=/" -e
"s/ .*//"
That would replace everything up to the first
"DPT=" with nothing and everything from the
first space character to the end of the line with
nothing.
HTH,
Brad.
--- "m.w.chang" <mwchang at netvigator.com>
wrote:
> cat kernel.01 | cut -f 19-20 -d\r
>
> SPT=2701 DPT=27374
> SPT=2701 DPT=27374
> SPT=2701 DPT=27374
> SPT=2701 DPT=27374
> SPT=4169 DPT=1433
> SPT=4169 DPT=1433
> DPT=139 WINDOW=5360
> DPT=139 WINDOW=5360
> DPT=139 WINDOW=5360
>
> this doesn't quite work because the number of
fields
> varied on each
> iptables log entry. field 19 may not always be
the
> DPT=xxx column.
>
> How to create a column containing only the
> "DPT=9999" column?
> Once that's done, I could apply `uniq -c` on it.
>
>
>
> --
> Swiftly. Silently. Invisibly. .~. In Linux
we
> trust.
> / v \r
> news://news.hkpcug.org /( _ )
> http://www.linux-sxs.org
__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
More information about the Linux-users
mailing list