AWK output from a tcp stream

[tommyspain]

How to massage this input

#--------------------------------------------------
interface: eth0 (172.26.0.0/255.255.255.0)
filter: ip and ( dst net 212.22.34.154 )
match: GET|POST
T 172.26.0.2:33104 -> 212.22.34.154:80 [AP]
GET /?idprod=3875 HTTP/1.1..Host:

http://www.novabinary.net..User-Agent:

Mozilla/5
.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031107 Epiphany/1.0.6..Accep
t: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1..Accept-Language: es
,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;
q=0.7,*;q=0.7..Keep-Alive: 300..Connection: keep-alive..Referer:

http://www

.novabinary.net/..Cookie:
#---------------------------------------------------------


Like This
Host:

http://www.novabinary.net

GET: ?idprod=3875
Referer:

http://www.novabinary.net

Thanks

 

[marsd]

Quick and ugly hack:

           if ( (match($0,/Host:.*\.\.U/)) > 0) {
                    Host = substr($0,RSTART + 5,(RLENGTH - 8))
               }
               if ( (match($0,/\/\?.*=[0-9]+/)) > 0) {
                    Get = substr($0,RSTART + 2,RLENGTH - 2)
               }
               if ( (match($0,/Referer:/)) > 0) {
                    a[0] = substr($0,RLENGTH,(length($0) - RLENGTH + 1))
                    getline
                    if ( (match($0,/.*\//)) > 0) {
                       a[1] = substr($0,RSTART,RLENGTH - 1)
                    }
                    Referer = a[0] a[1] ; gsub(/.*\.\./,"",Referer)
               }
}
END {
    print "Host = ", Host
    print "Get = ", Get
    print "Referer = ", Referer
}

Still needs some tweaks, hope this gives you an idea
of one way to do it.