combine 2 bash commands into single line

rigstars2 (Instructor)
4 Apr 12 20:53
Hey guys,

Can you please help me solve this problem. These statements run fine on their own but I'd like to combine them into one. I can't seem to get it to work. Any guidance would be great.
Thanks!

# First statement
egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{print $1 " " $2 " " $3}' >> $OUTFILE

#Output
TCP 109.75.171.98:80 in
TCP 210.128.108.48:80 in

===================

# Second statement
echo 109.75.171.98 | geo
echo 210.128.108.48 | geo

#Output
Japan
United Kingdom

What I'd like to do is combine the 2 commands above so the output looks like this -

TCP 109.75.171.98:80 in Japan
TCP 210.128.108.48:80 in United Kingdom
FlorianAwk (Programmer)
4 Apr 12 22:18
I would do it in awk:

CODE

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE
rigstars2 (Instructor)
5 Apr 12 7:40
FlorianAwk,

That was really impressive! Sorry, I forgot to include that I needed to remove the :80 from the IP before feeding it into your awk statement, so I added this statement - which btw, works fine on its own but doesn't jive with your code. Can you see where the problem is? I guess I'm printing it, which I don't want to do, but pass $2 once it has been modified.

awk '{ print $2 }' | cut -d':' -f1


egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{ print $2 }' | cut -d':' -f1 | awk '{cmd="geo "$10;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Thanks again.
rigstars2 (Instructor)
5 Apr 12 7:52
FlorianAwk,

The code still doesn't work after fixing the typo in my reply ...

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{ print $2 }' | cut -d':' -f1 | awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE
PHV (MIS)
5 Apr 12 14:07
What about this ?

CODE

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="geo "a[1];cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.
FAQ219-2884: How Do I Get Great Answers To my Tek-Tips Questions?
FAQ181-2886: How can I maximize my chances of getting an answer?

rigstars2 (Instructor)
5 Apr 12 14:55
nice try PH but I still get this output -

TCP 210.128.108.48:80 in

#Desired output
TCP 210.128.108.48:80 in Japan

I think the problem is that this does - geo 210.128.108.48 - when the code needs to do
echo 210.128.108.48 | geo

I tried changing it to this -

cmd="echo $4 | geo"; cmd|getline rslt; close(cmd);

but still doesn't work ..
PHV (MIS)
5 Apr 12 15:06
egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.

rigstars2 (Instructor)
5 Apr 12 15:27
Almost there .. I do really appreciate the help. I should have included the geo output when it runs against an IP. After I parse out the IP and then do "echo 210.128.108.48 | geo", I just want the Country name. For this example, just the Russian Federation output

so it looks like this - TCP 210.128.108.48:80 in Japan

Host Name: 210.128.108.48
  IP Address: 210.128.108.48
     Country:  Japan
Country code: JP (JPN)
      Region:
        City:
 Postal code:
</html>


 
Helpful Member!  PHV (MIS)
5 Apr 12 15:32
A starting point:
egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo|fgrep Country:";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.

FlorianAwk (Programmer)
5 Apr 12 16:25

Quote:

I forgot to include that I needed to remove the :80
I didn't even notice it :)
When you need a substitution in a text file, think SED. I would have done:

CODE

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | sed 's/:.* //'|awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE
It will replace when the port is 80 (http) or 443 (https) or others because of the regular expression that matches anything between ":" and a space.

Quote:

cmd="echo $4 | geo";

First, it is not the fourth field, but the second.

Second, between double quotes, I doubt that the $4 is interpreted. I would do:

CODE

cmd="echo "$2" | geo";
to get out of the quotes and get in again.


I must admit I don't understand everything.

Quote:

Host Name: 210.128.108.48
  IP Address: 210.128.108.48
     Country:  Japan
Country code: JP (JPN)
      Region:
        City:
 Postal code:
Is it the result of geo, or the final goal you want to reach?
rigstars2 (Instructor)
5 Apr 12 16:55
FlorianAwk,

In your last quote, I want to get the Country name only. PH provided this bit of code here which appears to somewhat work but not really.

My input file has this as an example: TCP 210.128.108.48:80 in

my desired output is: TCP 210.128.108.48:80 in Japan

that is why I want to do "echo 210.128.108.48 | geo" so I can grep out the Country

egrep -w 'TCP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo|fgrep Country:";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE




 
rigstars2 (Instructor)
5 Apr 12 17:07
No matter what the IP address is in the input file ..it always returns United States even though the IP
is from Japan

Apr 3 20:45:33 210.128.108.48:80      Country:  United States
Apr 3 20:45:33 210.128.108.48:80      Country:  United States
rigstars2 (Instructor)
5 Apr 12 17:32
Did some testing, looks like it wasn't evaluating the echo "a[4]" or even "a[1]" so I manually put in
various IP addresses and they were returning the correct country ..

grep 'Apr' IPs.txt | awk '{split($4,a,/:/);cmd="echo 210.128.108.48|code|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "$5" "rslt}'

Apr 3 20:45:33 210.128.108.48 Japan

and it just returns United States by default if it doesn't get evaluated ..
rigstars2 (Instructor)
5 Apr 12 17:40
Making some progress here. Just need to figure out why it's not removing the :80 from the IP before it gets sent to the geo script. For testing purposes, I removed the :80 manually so I can see it working.

grep 'Apr' IPs.txt | awk '{split($4,a,/:/);cmd="echo "$5"|code|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "$5" "rslt}'

Apr 3 20:45:33 210.128.108.48 Japan
Apr 4 12:57:50 94.102.146.243 United Kingdom
Apr 4 12:58:29 95.172.27.51 United Kingdom
Apr 5 07:22:51 212.58.246.85 United Kingdom
Apr 5 07:52:13 217.79.188.21 Germany
FlorianAwk (Programmer)
5 Apr 12 19:53
You haven't said everything about 'geo'. 'getline' returns only one line. If your result is "United States", it could be because of a line "Country ..." placed before the one you need.
rigstars2 (Instructor)
5 Apr 12 20:14
FlorianAwk,

geo script just returns the geographical location of the IP address. The only issue I have now is
the substitution part ..can't seem to separate the IP from :80 either using your code or PH's code.


grep 'TCP' IPs.txt | awk '{split($5,a,/:/);cmd="echo "$5"|geo|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print "$2" "rslt}'

input file: TCP 210.128.108.48:80 in

 
FlorianAwk (Programmer)
5 Apr 12 20:52
What is the output of the following commands?

CODE

grep 'TCP' IPs.txt
grep 'TCP' IPs.txt|sed 's/:.* //'
 
rigstars2 (Instructor)
5 Apr 12 21:31
grep 'TCP' IPs.txt

Apr 5 14:56:04 TCP 217.79.188.21:80 in
Apr 5 16:32:43 TCP 210.128.108.48:80 in
Apr 5 18:26:32 TCP 95.172.27.51:443 in

grep 'TCP' IPs.txt | sed 's/:.* //'

Apr 5 14in
Apr 5 16in
Apr 5 18in
 
Helpful Member!  FlorianAwk (Programmer)
6 Apr 12 4:43
Ok. Then, the good regular expression should be:

CODE

grep 'TCP' IPs.txt | sed 's/:[^:]* in/ in/'
rigstars2 (Instructor)
6 Apr 12 7:42
thanks florianawk.. it's removing the 2nd occurrence of the :
I need it to be done on the 3rd semicolon

it's removing the seconds from the time instead of the port numbers from the IP
rigstars2 (Instructor)
6 Apr 12 7:58
florian,

everything works now.. thanks for your assistance. much appreciated
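
The enrichment this thread works toward, as an added example that is not code from any poster: the port is stripped per field rather than with a line-wide regex, and the address is validated and handed to geo on stdin instead of being concatenated into a command string that awk passes to sh. The function names, the stand-in geo and the sample lines are assumptions made for this example; geo is assumed to read one IP on stdin and print a "Country:" line, as shown in the thread.

```shell
# Constructed stand-in for `geo`, defined only when no real one is installed,
# so the example runs offline. Countries are the ones quoted in the thread.
if ! command -v geo >/dev/null 2>&1; then
  geo() {
    read -r ip
    case "$ip" in
      210.128.108.48) c="Japan" ;;
      95.172.27.51)   c="United Kingdom" ;;
      217.79.188.21)  c="Germany" ;;
      *)              c="Unknown" ;;
    esac
    printf '  IP Address: %s\n     Country:  %s\nCountry code: --\n' "$ip" "$c"
  }
fi

# Shape check only (digits and dots, four groups); rejects everything else.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# The IP travels on stdin as data; it is never spliced into a command string.
country_of() {
  printf '%s\n' "$1" | geo | sed -n 's/^ *Country: *//p' | head -n 1
}

# Append the country to each line. The address is found per field, so the
# colons in a leading timestamp are never mistaken for the port separator.
enrich() (
  set -f                              # no globbing when splitting the line
  while IFS= read -r line; do
    country="INVALID-ADDRESS"
    for field in $line; do
      ip=${field%:*}                  # drop only a trailing ":port"
      if [ "$ip" != "$field" ] && is_ipv4 "$ip"; then
        country=$(country_of "$ip"); break
      fi
    done
    printf '%s %s\n' "$line" "$country"
  done
)

# Constructed sample: both layouts from the thread plus one malformed field.
sample_log() {
  printf '%s\n' 'TCP 210.128.108.48:80 in' \
    'Apr 5 18:26:32 TCP 95.172.27.51:443 in' 'TCP 1.2.3.4;id:80 in'
}
sample_log | enrich
```

With a real log the call would be: egrep -w 'Deny TCP|Deny UDP' $FW_LOG | enrich >> $OUTFILE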
