2

I have a string in a bash script that contains a line of a log entry such as this:

Oct 24 12:37:45 10.224.0.2/10.224.0.2 14671: Oct 24 2012 12:37:44.583 BST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.224.0.58] [localport: 22] [Reason: Login Authentication Failed] at 12:37:44 BST Wed Oct 24 2012

To clarify: the first IP listed there, "10.224.0.2", was the machine that submitted this log entry of a failed login attempt. Someone tried to log in, and failed, from the machine at the 2nd IP address in the log entry, "10.224.0.58".

I wish to replace the first occurrence of the IP address "10.224.0.2" with the host name of that machine; as you can see, presently it is "IPADDRESS/IPADDRESS", which is useless, having the same info twice. So here, I would like to grep (or similar) out the first IP and then pass it to something like the host command to get the reverse host and replace it in the log output.

I would like to repeat this for the 2nd IP "10.224.0.58". I would like to find this IP and also replace it with the host name.

It's not just those two specific IP addresses though, any IP address. So I want to search for 4 integers between 1 and 3, separated by 3 full stops '.'

Is regex the way forward here, or is that overcomplicating the issue?

Many thanks.

3
  • Do you want any IP address or this specific one? Commented Oct 25, 2012 at 12:39
  • You need to provide some better sample input, the expected output from that input, an explanation of why you want to find those 2 specific IP addresses in a file when you already know them, and what you mean by "a variable" - a shell variable, an awk variable? something else? What command do you use to do a "reverse lookup"? Commented Oct 25, 2012 at 12:41
  • I have updated the question, hopefully this has clarified my requirements Commented Oct 25, 2012 at 12:47

3 Answers

7

Replace a fixed IP address with a host name:

$ cat log | sed -r 's/10\.224\.0\.2/example.com/g'

Replace all IP addresses with a host name:

$ cat log | sed -r 's/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/example.com/g'

If you want to call an external program, it's easy to do that using Perl (just replace host with your lookup tool):

$ cat log | perl -pe 's/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/`host $1`/ge'

Hopefully this is enough to get you started.
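
An added example, not part of the answer above: the same per-match lookup as a bash function that checks each octet is 0-255 before calling the resolver and keeps the address when the returned name is not a plain host name. The function names, the `getent hosts` default and the two `example.net` names are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Host names in resolve_stub are constructed.

# Default resolver (assumes getent is installed): prints the name, or nothing.
resolve_ip() { getent hosts "$1" | awk '{ print $2; exit }'; }

# Offline stand-in for the demo; both names are made up.
resolve_stub() {
    case $1 in
        10.224.0.2)  echo core-sw1.example.net ;;
        10.224.0.58) echo ws58.example.net ;;
    esac
}

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    local IFS=. octet
    local -a parts
    [[ $1 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
    read -r -a parts <<< "$1"
    for octet in "${parts[@]}"; do
        (( 10#$octet <= 255 )) || return 1
    done
}

# rewrite_ips LINE [RESOLVER]: replace every standalone IPv4 address in LINE.
# Works right to left (the leading .* is greedy), so inserted names are never
# rescanned. An address directly followed by "." or a digit is left alone.
rewrite_ips() {
    local rest=$1 resolver=${2:-resolve_ip} out='' ip post name
    local re='^(.*[^0-9.])?([0-9]{1,3}(\.[0-9]{1,3}){3})([^0-9.].*)?$'
    while [[ $rest =~ $re ]]; do
        # Copy the groups first: the checks below overwrite BASH_REMATCH.
        rest=${BASH_REMATCH[1]} ip=${BASH_REMATCH[2]} post=${BASH_REMATCH[4]}
        # The address reaches the resolver as one argument, never as shell text.
        valid_ipv4 "$ip" && name=$("$resolver" "$ip") || name=$ip
        # PTR data is controlled by whoever runs the reverse zone: accept only
        # host-name characters, otherwise keep the address.
        [[ $name =~ ^[A-Za-z0-9._-]+$ ]] || name=$ip
        out=$name$post$out
    done
    printf '%s\n' "$rest$out"
}

# Log line shortened from the question; resolved with the offline stub.
line='Oct 24 12:37:45 10.224.0.2/10.224.0.2 14671: Login failed [user: root] [Source: 10.224.0.58] [localport: 22]'
rewrite_ips "$line" resolve_stub
```

Calling `rewrite_ips "$line"` without a second argument uses `resolve_ip`; a function built on `host` can be passed instead.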


1

There are various ways to find the IP addresses, here's one. Just replace "printf '<<<%s>>>' " with "host" or whatever your command name is in this GNU awk script:

$ cat tst.awk
{
    subIp = gensub(/\/.*$/,"","",$4)
    srcIp = gensub(/.*\[Source: ([^]]+)\].*/,"\\1","")

    "printf '<<<%s>>>' " subIp | getline subName
    "printf '<<<%s>>>' " srcIp | getline srcName

    gsub(subIp,subName)
    gsub(srcIp,srcName)

    print
}
$
$ gawk -f tst.awk file
Oct 24 12:37:45 <<<10.224.0.2>>>/<<<10.224.0.2>>> 14671: Oct 24 2012 12:37:44.583 BST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: <<<10.224.0.58>>>] [localport: 22] [Reason: Login Authentication Failed] at 12:37:44 BST Wed Oct 24 2012


0

Googled this one-line command together, but was unable to pass the found IP address to the ssh command:

sed -n 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/\nip&\n/gp' test | grep ip | sed 's/ip//' |   sort | uniq

"test" is the file the sed command searches for the pattern.
