Re: [Declude.JunkMail] OT: GREP Help Needed

[Serge]

Title: Message

thanks andrew we ended up importing to a database and using sql to get the needed info     ----- Original Message ----- From: Colbeck, Andrew To: '[EMAIL PROTECTED]' Sent: Monday, May 31, 2004 7:06 AM Subject: RE: [Declude.JunkMail] OT: GREP Help Needed Ah, the easy answer is that grep is not the way.  You want something a little higher up on the food chain, awk.   gawk "$4 == 2" netflow.txt   or the identical but clearer:   gawk "$4 == 2 {print $0}" netflow.txt   will parse the file called netflow.txt and only output the the whole row where column 4 is equal to 2.   Getting sums out of the rows will require programming.  awk can do this in a brief script, but you may be happier doing it somewhere else (think of awk as the prototype for Perl).   If you knew that you were really only interested in interface 2 and that column 12 contained "bytes in" (hypothetically, I don't really know the contents of each of the columns in your example), this would do the trick nicely:   gawk "$4 == 2 {total+= $7} END {print total}" netflow.txt   You could easily extend that script to keep running totals for various values in column $12 (which I'm guessing is the destination port), if you know which values you care about ahead of time, or get really fancy and use an indexed array and let awk keep track of each port as index values.   I hope that gives you enough of a head start,   Andrew 8) -----Original Message----- From: serge [mailto:[EMAIL PROTECTED] Sent: Saturday, May 29, 2004 10:03 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: GREP Help Needed From the grep expert Below is a sample log file (cisco netflow output) 1- how can we export the lines with interface number 2 (in red) to another smaller file 2- can we easily get bytes totals per ipadress, port #, ...           216.226.209.180     202.59.119.218     10.0.6.1              2 4 6 304 2004-05-27 19:12:47.097 2004-05-27 19:12:57.097 5466 6346 3 6 0 0 0 24 0 208.154.200.5 192.36.125.2          208.154.200.6        208.154.200.6    4 2 1 233 2004-05-27 19:12:43.109 2004-05-27 19:12:43.109 53 1090 16 17 0 0 0 0 25 208.154.200.5 208.154.200.6        193.0.0.193           10.0.6.1              2 4 1 69 2004-05-27 19:12:43.113 2004-05-27 19:12:43.113 1090 53 16 17 0 0 0 25 0 208.154.200.5 65.57.234.3            216.226.209.154    216.226.209.154 1 2 1 40 2004-05-27 19:12:43.209 2004-05-27 19:12:43.209 6667 55790 16 6 0 0 0 0 24 208.154.200.5 216.226.209.144     213.30.182.60       10.0.6.1              2 4 2 112 2004-05-27 19:12:42.545 2004-05-27 19:12:43.041 0 771 16 1 0 0 0 24 0 208.154.200.5 66.118.142.125       216.226.209.133    216.226.209.133 1 2 2 106 2004-05-27 19:12:41.285 2004-05-27 19:12:42.897 65475 1034 24 6 0 0 0 0 24 208.154.200.5 216.226.209.183     216.155.193.182    10.0.6.1             2 4 2 156 2004-05-27 19:12:41.493 2004-05-27 19:12:43.069 10784 119 24 6 0 0 0 24 0 208.154.200.5 216.226.209.183     68.96.10.174         10.0.6.1              2 4 3 132 2004-05-27 19:12:39.081 2004-05-27 19:12:42.769 10728 60633 24 6 0 0 0 24 0 208.154.200.5