Re: Find - Sillyness
Thanks for the help, however I must still be in stupid mode doh! The original command works but as soon as I add the rest of the command it dies.

Basically what I am trying to do is go through three years' worth of pflogs in gzip format and grep for a part of an ip address. It works on a command line, on a single file but when used with 'find -exec' it yaks. I am sure it's got something to do with the way I am quoting but it's not making a lot of sense at this point.

Here is the actual command I am trying to run and its error output.

    spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
    find: -exec: no terminating ;
    tcpdump: fread: Invalid argument

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of John Jackson
Sent: Thursday, January 22, 2009 3:12 PM
To: misc@openbsd.org
Subject: Re: Find - Sillyness

On Thu, Jan 22, 2009 at 02:54:21PM -0500, Morris, Roy wrote:
> I know this is more of a general 'huh' kind of thing, but I figured
> someone could kick start my brain for me. Anyone know why this doesn't
> work? It appears to find the files ok but the -exec part thinks it can't?
>
>     spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
>     find: echo ./daemon.2.gz: No such file or directory
>     find: echo ./daemon.1.gz: No such file or directory
>     find: echo ./daemon.5.gz: No such file or directory
>     find: echo ./daemon.4.gz: No such file or directory
>     find: echo ./daemon.3.gz: No such file or directory
>     find: echo ./daemon.0.gz: No such file or directory

Try:

    find . -name daemon.*.gz -exec echo {} \;

without the double quotes after exec.

John
Re: Find - Sillyness
On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy rmor...@internetsecure.com wrote:
> Here is the actual command I am trying to run and its error output.
>
>     spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
>     find: -exec: no terminating ;
>     tcpdump: fread: Invalid argument

Methinks you need to quote your pattern (or set noglob) and terminate your exec (just like find is telling you):

    find . -name 'pflog.*.gz' -exec zcat {} \; | ...

-N
Re: Find - Sillyness
Ok, I tried both and neither worked. Same error doh!

-Original Message-
From: Nick Bender [mailto:nben...@gmail.com]
Sent: Friday, January 23, 2009 9:21 AM
To: Morris, Roy
Cc: misc@openbsd.org
Subject: Re: Find - Sillyness

On Fri, Jan 23, 2009 at 9:07 AM, Morris, Roy rmor...@internetsecure.com wrote:
> Here is the actual command I am trying to run and its error output.
>
>     spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
>     find: -exec: no terminating ;
>     tcpdump: fread: Invalid argument

Methinks you need to quote your pattern (or set noglob) and terminate your exec (just like find is telling you):

    find . -name 'pflog.*.gz' -exec zcat {} \; | ...

-N
Re: Find - Sillyness
On Friday January 23 2009 08:07, you wrote:
> I am sure it's got something to do with the way I am quoting but it's
> not making a lot of sense at this point. Here is the actual command I
> am trying to run and its error output.
>
>     spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
>     find: -exec: no terminating ;
>     tcpdump: fread: Invalid argument

You're right, the problem is quoting. The shell interprets everything after the pipe character (|) as a separate command, so find never receives the semi-colon. For something this simple, I'd suggest moving the pipe outside of the find command:

    find . -name pflog.*.gz -exec zcat {} \; | tcpdump -entttv -r -

For more complicated situations, you can use a structure more like this:

    # read -d is a bash feature; -print0 keeps odd file names intact
    find . -name pflog.*.gz -print0 | while IFS= read -r -d $'\0' file ; do
        echo "Now processing ${file}"
        zcat "$file" | tcpdump -entttv -r -
    done

For your particular situation, not using a find at all might work:

    gunzip -c pflog.*.gz | tcpdump -entttv -r -

That could fail if pflog.*.gz expands to so many files that it overflows the maximum command length, but otherwise should work the same.

Dan Ramaley                    Dial Center 118, Drake University
Network Programmer/Analyst     2407 Carpenter Ave
+1 515 271-4540                Des Moines IA 50311 USA
Re: Find - Sillyness
>     spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
>     find: -exec: no terminating ;

Find -exec invokes the command directly using exec(2). There's no shell underlying the command, so pipes are out (even if you had correctly escaped the '|'). The easiest way out of this is to put the compound command into a shell script and have find run that. E.g.:

    # quoted delimiter so $1 is written to the script literally
    cat > scanlog <<'_HOOPY_FROOD'
    #!/bin/sh
    zcat "$1" | tcpdump -entttv -r -
    _HOOPY_FROOD
    chmod +x scanlog
    find . -name 'pflog.*.gz' -exec ./scanlog '{}' \;

--lyndon

Our users will know fear and cower before our software! Ship it! Ship it and let them flee like the dogs they are!
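An added example, not part of the original thread, of the point above that find -exec runs its command through exec(2) with no shell: an inline `sh -c` gives every file its own pipeline without a separate script file. The names `scan_logs` and `FILTER` are assumptions of this sketch; `FILTER` defaults to the tcpdump invocation used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. scan_logs and FILTER are hypothetical
# names. FILTER is the command each decompressed log is piped into; it is
# split on whitespace, so keep it to a simple command plus options.
FILTER=${FILTER:-"tcpdump -entttv -r -"}

# scan_logs DIR PATTERN
# Runs "gunzip -c FILE | $FILTER" once for every file matching PATTERN.
scan_logs() {
    dir=$1 pattern=$2
    # - "$pattern" stays quoted so find, not the calling shell, expands it.
    # - find execs sh directly; the pipe sits inside the sh -c string,
    #   where a shell exists to interpret it.
    # - File names arrive as positional parameters and are never spliced
    #   into the script text, so spaces or $(...) in a name stay inert.
    # - "{} +" hands many files to each sh invocation (POSIX find).
    FILTER=$FILTER find "$dir" -type f -name "$pattern" -exec sh -c '
        rc=0
        for f do
            printf "== %s\n" "$f" >&2
            # rc records a non-zero exit from the filter for any file
            gunzip -c -- "$f" | $FILTER || rc=1
        done
        exit "$rc"
    ' sh {} +
}
```

Setting `FILTER='grep -F 192.0.2.'` before calling `scan_logs . 'pflog.*.gz'` searches plain-text archives the same way; the file name banner goes to stderr so it does not mix with the filtered output.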
Re: Find - Sillyness
This worked! You da man! Thanks much.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]on Behalf Of Daniel A. Ramaley
Sent: Friday, January 23, 2009 9:56 AM
To: misc@openbsd.org
Subject: Re: Find - Sillyness

On Friday January 23 2009 08:07, you wrote:
> I am sure it's got something to do with the way I am quoting but it's
> not making a lot of sense at this point. Here is the actual command I
> am trying to run and its error output.
>
>     spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} | tcpdump -entttv -r - \;
>     find: -exec: no terminating ;
>     tcpdump: fread: Invalid argument

You're right, the problem is quoting. The shell interprets everything after the pipe character (|) as a separate command, so find never receives the semi-colon. For something this simple, I'd suggest moving the pipe outside of the find command:

    find . -name pflog.*.gz -exec zcat {} \; | tcpdump -entttv -r -

For more complicated situations, you can use a structure more like this:

    # read -d is a bash feature; -print0 keeps odd file names intact
    find . -name pflog.*.gz -print0 | while IFS= read -r -d $'\0' file ; do
        echo "Now processing ${file}"
        zcat "$file" | tcpdump -entttv -r -
    done

For your particular situation, not using a find at all might work:

    gunzip -c pflog.*.gz | tcpdump -entttv -r -

That could fail if pflog.*.gz expands to so many files that it overflows the maximum command length, but otherwise should work the same.

Dan Ramaley                    Dial Center 118, Drake University
Network Programmer/Analyst     2407 Carpenter Ave
+1 515 271-4540                Des Moines IA 50311 USA
Find - Sillyness
I know this is more of a general 'huh' kind of thing, but I figured someone could kick start my brain for me. Anyone know why this doesn't work? It appears to find the files ok but the -exec part thinks it can't?

    spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
    find: echo ./daemon.2.gz: No such file or directory
    find: echo ./daemon.1.gz: No such file or directory
    find: echo ./daemon.5.gz: No such file or directory
    find: echo ./daemon.4.gz: No such file or directory
    find: echo ./daemon.3.gz: No such file or directory
    find: echo ./daemon.0.gz: No such file or directory
Re: Find - Sillyness
Do you have any programs called "echo ./daemon.2.gz"?

You want -exec echo {} \;

On Thu, Jan 22, 2009 at 12:54 PM, Morris, Roy rmor...@internetsecure.com wrote:
> I know this is more of a general 'huh' kind of thing, but I figured
> someone could kick start my brain for me. Anyone know why this doesn't
> work? It appears to find the files ok but the -exec part thinks it can't?
>
>     spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
>     find: echo ./daemon.2.gz: No such file or directory
>     find: echo ./daemon.1.gz: No such file or directory
>     find: echo ./daemon.5.gz: No such file or directory
>     find: echo ./daemon.4.gz: No such file or directory
>     find: echo ./daemon.3.gz: No such file or directory
>     find: echo ./daemon.0.gz: No such file or directory

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Find - Sillyness
Remove the quotes from "echo {}". The "No such file or directory" error is because find cannot run a program named "echo ./daemon.2.gz". Remove the quotes and it will try to run echo with an argument of daemon.2.gz.

On Thursday January 22 2009 13:54, you wrote:
> I know this is more of a general 'huh' kind of thing, but I figured
> someone could kick start my brain for me. Anyone know why this doesn't
> work? It appears to find the files ok but the -exec part thinks it can't?
>
>     spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
>     find: echo ./daemon.2.gz: No such file or directory
>     find: echo ./daemon.1.gz: No such file or directory
>     find: echo ./daemon.5.gz: No such file or directory
>     find: echo ./daemon.4.gz: No such file or directory
>     find: echo ./daemon.3.gz: No such file or directory
>     find: echo ./daemon.0.gz: No such file or directory

--
Dan Ramaley                    Dial Center 118, Drake University
Network Programmer/Analyst     2407 Carpenter Ave
+1 515 271-4540                Des Moines IA 50311 USA
Re: Find - Sillyness
On Thu, Jan 22, 2009 at 02:54:21PM -0500, Morris, Roy wrote:
> I know this is more of a general 'huh' kind of thing, but I figured
> someone could kick start my brain for me. Anyone know why this doesn't
> work? It appears to find the files ok but the -exec part thinks it can't?
>
>     spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
>     find: echo ./daemon.2.gz: No such file or directory
>     find: echo ./daemon.1.gz: No such file or directory
>     find: echo ./daemon.5.gz: No such file or directory
>     find: echo ./daemon.4.gz: No such file or directory
>     find: echo ./daemon.3.gz: No such file or directory
>     find: echo ./daemon.0.gz: No such file or directory

Try:

    find . -name daemon.*.gz -exec echo {} \;

without the double quotes after exec.

John
Re: Find - Sillyness
On 22 Jan 2009 at 14:54, Morris, Roy wrote:
> I know this is more of a general 'huh' kind of thing, but I figured
> someone could kick start my brain for me. Anyone know why this doesn't
> work? It appears to find the files ok but the -exec part thinks it can't?
>
>     spider:/var/log# find . -name daemon.*.gz -exec "echo {}" \;
>     find: echo ./daemon.2.gz: No such file or directory
>     find: echo ./daemon.1.gz: No such file or directory
>     find: echo ./daemon.5.gz: No such file or directory
>     find: echo ./daemon.4.gz: No such file or directory
>     find: echo ./daemon.3.gz: No such file or directory
>     find: echo ./daemon.0.gz: No such file or directory

specifying "echo {}" -- i.e. putting both `words' in the same set of quotes -- you made it a single token as far as the find command is concerned, which is what it passes to the exec call.