SED Help

From: Mike Vanecek (rh_list_at_mm-vanecek.cc)
Date: 05/16/04

    To: "redhat_list" <redhat-list@redhat.com>
    Date: Sun, 16 May 2004 09:07:43 -0500
    
    

    Given this text in packet.test2

    May 16 21:35:35 www kernel: icmp_try IN=eth0 OUT=
    MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.20.162
    DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0xC0 TTL=241 ID=57923 PROTO=ICMP TYPE=11
     CODE=0 [SRC=66.76.12.5 DST=200.216.94.217 LEN=40 TOS=0x00 PREC=0x00 TTL=1
    ID=25653 PROTO=TCP INCOMPLETE [8 bytes] ]
    May 16 21:54:39 www kernel: icmp_try IN=eth0 OUT=
    MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.7.98
    DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=ICMP TYPE=11
    CODE=0 [SRC=66.76.12.5 DST=200.222.69.36 LEN=40 TOS=0x00 PREC=0x00 TTL=1
    ID=62986 PROTO=TCP INCOMPLETE [8 bytes] ]

    Why does this command

    $ grep -i "`date '+%b %_d'`" packet.test2 | sed -re 's/.*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]).*/\1/'
    66.76.12.5
    66.76.12.5

    pick up the second SRC rather than the first?

    My brain, eyes, or both are just not finding it...

    Thanks.

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
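
Added example, not part of the original message: in sed, `.*` is greedy, so `.*SRC=` runs to the last `SRC=` on the line, which in these entries is the one inside the brackets; the script shows that behaviour next to an expression that stops at the first `[`. The function names and the sample entries rejoined onto one line each are assumptions made for this example, and the date filter is left out so the result does not depend on the day it runs.

```shell
#!/bin/sh
# Added example, not code from the original post.
# The two entries from the message, each rejoined onto one line
# (assumption: the mail client wrapped them; the log file holds one entry per line).
sample_log() {
cat <<'EOF'
May 16 21:35:35 www kernel: icmp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.20.162 DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0xC0 TTL=241 ID=57923 PROTO=ICMP TYPE=11 CODE=0 [SRC=66.76.12.5 DST=200.216.94.217 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=25653 PROTO=TCP INCOMPLETE [8 bytes] ]
May 16 21:54:39 www kernel: icmp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.7.98 DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=66.76.12.5 DST=200.222.69.36 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=62986 PROTO=TCP INCOMPLETE [8 bytes] ]
EOF
}

# Dotted quad in which every octet may have several digits. With a
# single-digit last octet, 144.232.20.162 would be cut to 144.232.20.1.
IP='[0-9]+(\.[0-9]+){3}'

# The expression from the message. The leading .* takes as much of the
# line as it can while still leaving a SRC= to match, so the capture
# group lands on the last SRC= (the bracketed one).
greedy_src() {
    sed -E 's/.*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]).*/\1/'
}

# Outer source address: [^[]* cannot cross the first "[", so the SRC=
# it reaches is the one before the bracketed section. -n with the p
# flag drops lines that do not match instead of printing them whole.
outer_src() {
    sed -nE "s/^[^[]*SRC=($IP).*/\1/p"
}

# Source address of the bracketed section, for entries that have one.
embedded_src() {
    sed -nE "s/.*\[SRC=($IP).*/\1/p"
}

echo "greedy:";   sample_log | greedy_src
echo "outer:";    sample_log | outer_src
echo "embedded:"; sample_log | embedded_src
```
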
    
