Re: Find - Sillyness
Thanks for the help, however I must still be in stupid mode doh!
the original command works but as soon as I add the rest of the
command it dies. Basically what I am trying to do is go through
three years worth of pflogs in gzip format and grep for a part
of an ip address. It works on a command line, on a single file
but when used with 'find -exec' it yaks. I am sure it's got
something to do with the way I am quoting but it's not making
a lot of sense at this point.
Here is the actual command I am trying to run and it's error
output.
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
tcpdump -entttv -r - \;
find: -exec: no terminating ;
tcpdump: fread: Invalid argument
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of
John Jackson
Sent: Thursday, January 22, 2009 3:12 PM
To: misc@openbsd.org
Subject: Re: Find - Sillyness
On Thu, Jan 22, 2009 at 02:54:21PM -0500, Morris, Roy wrote:
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
Try:
find . -name daemon.*.gz -exec echo {} \;
without the double quotes after exec.
John
Re: Find - Sillyness
On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy rmor...@internetsecure.com wrote:
Here is the actual command I am trying to run and it's error
output.
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
tcpdump -entttv -r - \;
find: -exec: no terminating ;
tcpdump: fread: Invalid argument
Me thinks you need to quote you're pattern (or set noglob) and terminate
your exec (just like find is telling you):
find . -name 'pflog.*.gz' -exec zcat {} \; | ...
-N
Re: Find - Sillyness
Ok, I tried both and neither worked. Same error
doh!
-Original Message-
From: Nick Bender [mailto:nben...@gmail.com]
Sent: Friday, January 23, 2009 9:21 AM
To: Morris, Roy
Cc: misc@openbsd.org
Subject: Re: Find - Sillyness
On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy rmor...@internetsecure.com
wrote:
Here is the actual command I am trying to run and it's error
output.
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
tcpdump -entttv -r - \;
find: -exec: no terminating ;
tcpdump: fread: Invalid argument
Me thinks you need to quote you're pattern (or set noglob) and terminate
your exec (just like find is telling you):
find . -name 'pflog.*.gz' -exec zcat {} \; | ...
-N
Re: Find - Sillyness
On Friday January 23 2009 08:07, you wrote:
I am sure it's got something to do with the way I am quoting but it's
not making a lot of sense at this point.
Here is the actual command I am trying to run and it's error
output.
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {}
| tcpdump -entttv -r - \;
find: -exec: no terminating ;
tcpdump: fread: Invalid argument
You're right, the problem is quoting. The shell interprets everything
after the pipe character (|) as a separate command, so find never
receives the semi-colon.
For something this simple, i'd suggest moving the pipe outside of the
find command:
find . -name pflog.*.gz -exec zcat {} \; | tcpdump -entttv -r -
For more complicated situations, you can use a structure more like this:
find . -name pflog.*.gz -print0 | while read -d $'\0' file ; do \
echo Now processing ${file} \
zcat $file | tcpdump -entttv -r - \
done
For your particular situation, not using a find at all might work:
gunzip -c pflog.*.gz | tcpdump -entttv -r -
That could fail if pflog.*.gz expands to so many files that it
overflows the maximum command length, but otherwise should work the
same.
Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA
Re: Find - Sillyness
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
tcpdump -entttv -r - \;
find: -exec: no terminating ;
Find -exec invokes the command directly using exec(2). There's no shell
underlying the command, so pipes are out (even if you had correctly
escaped the '|').
The easiest way out of this is to put the compound command into a shell
script and have find run that. E.g.:
cat scanlog _HOOPY_FROOD
#!/bin/sh
zcat $1 | tcpdump -entttv -r -
_HOOPY_FROOD
chmod +x scanlog
find . -name 'pflog.*.gz' -exec ./scanlog '{}'
--lyndon
Our users will know fear and cower before our software! Ship it! Ship it
and let them flee like the dogs they are!
Re: Find - Sillyness
This worked! You da man! thanks much.
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of
Daniel A. Ramaley
Sent: Friday, January 23, 2009 9:56 AM
To: misc@openbsd.org
Subject: Re: Find - Sillyness
On Friday January 23 2009 08:07, you wrote:
I am sure it's got something to do with the way I am quoting but it's
not making a lot of sense at this point.
Here is the actual command I am trying to run and it's error
output.
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {}
| tcpdump -entttv -r - \;
find: -exec: no terminating ;
tcpdump: fread: Invalid argument
You're right, the problem is quoting. The shell interprets everything
after the pipe character (|) as a separate command, so find never
receives the semi-colon.
For something this simple, i'd suggest moving the pipe outside of the
find command:
find . -name pflog.*.gz -exec zcat {} \; | tcpdump -entttv -r -
For more complicated situations, you can use a structure more like this:
find . -name pflog.*.gz -print0 | while read -d $'\0' file ; do \
echo Now processing ${file} \
zcat $file | tcpdump -entttv -r - \
done
For your particular situation, not using a find at all might work:
gunzip -c pflog.*.gz | tcpdump -entttv -r -
That could fail if pflog.*.gz expands to so many files that it
overflows the maximum command length, but otherwise should work the
same.
Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA
Find - Sillyness
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
Re: Find - Sillyness
do you have any programs called echo ./daemon.2.gz?
you want -exec echo {} \;
On Thu, Jan 22, 2009 at 12:54 PM, Morris, Roy
rmor...@internetsecure.com wrote:
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Find - Sillyness
Remove the quotes from echo {}. The No such file or directory error
is because find cannot run a program named echo ./daemon.2.gz. Remove
the quotes and it will try to run echo with an argument
of daemon.2.gz.
On Thursday January 22 2009 13:54, you wrote:
I know this is more of a general 'huh' kind of thing, but I figured
someone could kick start my brain for me. Anyone know why this
doesn't work? It appears to find the files ok but the -exec part
thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
--
Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA
Re: Find - Sillyness
On Thu, Jan 22, 2009 at 02:54:21PM -0500, Morris, Roy wrote:
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
Try:
find . -name daemon.*.gz -exec echo {} \;
without the double quotes after exec.
John
Re: Find - Sillyness
On 22 Jan 2009 at 14:54, Morris, Roy wrote:
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name daemon.*.gz -exec echo {} \;
find: echo ./daemon.2.gz: No such file or directory
find: echo ./daemon.1.gz: No such file or directory
find: echo ./daemon.5.gz: No such file or directory
find: echo ./daemon.4.gz: No such file or directory
find: echo ./daemon.3.gz: No such file or directory
find: echo ./daemon.0.gz: No such file or directory
specifying echo {} -- i.e. putting both `words' in the same set of
quotes -- you made it a single token as far as the find command is
concerned, which is what it passes to the exec call.
