combine 2 bash commands into single line 2

[rigstars2]

Hey guys,

Can you please help me solve this problem. These statements run fine on their own but I'd like to combine them into one. I can't seem to get it to work. Any guidance would be great.
Thanks!

# First statement
egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{print $1 " " $2 " " $3}' >> $OUTFILE

#Output
TCP 109.75.171.98:80 in
TCP 210.128.108.48:80 in

===================

# Second statement
echo 109.75.171.98 | geo
echo 210.128.108.48 | geo

#Output
Japan
United Kingdom

What I'd like to do is combine the 2 commands above so the output looks like this -

TCP 109.75.171.98:80 in Japan
TCP 210.128.108.48:80 in United Kingdom

 

[FlorianAwk]

I would do it in awk:

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

 

[rigstars2]

FlorianAwk,

That was really impressive! Sorry, I forget to include that I needed to remove the :80 from the IP before feeding it into your awk statement so I added this statement - which btw, works fine on its own but doesn't jive with your code. Can you see where the problem is? I guess I'm printing it which I don't want to do but pass $2 once it has been modified.

awk '{ print $2 }' | cut -d':' -f1


egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{ print $2 }' | cut -d':' -f1 | awk '{cmd="geo "$10;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Thanks again.

 

[rigstars2]

ForianAwk,

The code still doesn't work after fixing the typo in my reply ...

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{ print $2 }' | cut -d':' -f1 | awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

 

[PHV]

What about this ?

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="geo "a[1];cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[rigstars2]

nice try PH but I still get this output -

TCP 210.128.108.48:80 in

#Desired output
TCP 210.128.108.48:80 in Japan

I think the problem is that this - geo 210.128.108.48 when the code needs to
echo 210.128.108.48 | geo

I tried changing it to this -

cmd="echo $4 | geo"; cmd|getline rslt; close(cmd);

but still doesn't work ..

 

[PHV]

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[rigstars2]

Almost there ..I do really appreciate the help. I should have included the geo output when it runs a against an ip. I after I parse out the ip and then do "echo 210.128.108.48 | geo'" I just want the Country name. For this example, just the Russian Federation output

so it looks like this - TCP 210.128.108.48:80 in Japan

Host Name: 210.128.108.48
IP Address: 210.128.108.48
Country: Japan
Country code: JP (JPN)
Region:
City:
Postal code:
</html>

 

[PHV]

A starting point:
egrep -w 'Deny TCP|Deny UDP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo|fgrep Country:";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[FlorianAwk]

I forget to include that I needed to remove the :80

I even didn't notice it

When you need a substitution in a text file, think SED. I would have done:

egrep -w 'Deny TCP|Deny UDP' $FW_LOG | sed 's/:.* //'|awk '{cmd="geo "$2;cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

It will replace when the port is 80 (http) or 443 (https) or others because of the regular expression that matches anything between ":" and a space.

cmd="echo $4 | geo";

First, it is not the fourth field, but the second.

Second, between double quotes, I doubt that the $4 is interpreted. I would do:

cmd="echo "$2" | geo";

to get out of the quotes and get in again.


I must admit I don't understand everything.

Host Name: 210.128.108.48
IP Address: 210.128.108.48
Country: Japan
Country code: JP (JPN)
Region:
City:
Postal code:

Is it the result of geo, or the final goal you want to reach?

 

[rigstars2]

FlorianAwk,

In your last quote, I want to get the Country name only. PH provided this bit of code here which appears to work somewhat work but not really.

My input file has this as an example: TCP 210.128.108.48:80 in

my desired out is: TCP 210.128.108.48:80 in Japan

that is why I want to do "echo 210.128.108.48 | geo" so I can grep out the Country

egrep -w 'TCP' $FW_LOG | awk '{split($2,a,/:/);cmd="echo "a[1]"|geo|fgrep Country:";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "rslt}' >> $OUTFILE

 

[rigstars2]

No matter what the IP address is in the input file ..it always returns United States even though the IP
is from Japan

Apr 3 20:45:33 210.128.108.48:80 Country: United States
Apr 3 20:45:33 210.128.108.48:80 Country: United States

 

[rigstars2]

Did some testing, looks like it wasn't evaluating the echo "a[4]" or even "a[1]" so I manually put in
various IP addresses and they were returning the correct country ..

grep 'Apr' IPs.txt | awk '{split($4,a,/:/);cmd="echo 210.128.108.48|code|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "$5" "rslt}'

Apr 3 20:45:33 210.128.108.48 Japan

and just returns United States by default it doesn't get evaluated ..

 

[rigstars2]

Making some progress here. Just need to figure out why its not removing the :80 from the IP before it gets sent to the geo script. For testing purposes, I removed the :80 manually so I can see it working.

grep 'Apr' IPs.txt | awk '{split($4,a,/:/);cmd="echo "$5"|code|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print $1" "$2" "$3" "$5" "rslt}'

Apr 3 20:45:33 210.128.108.48 Japan
Apr 4 12:57:50 94.102.146.243 United Kingdom
Apr 4 12:58:29 95.172.27.51 United Kingdom
Apr 5 07:22:51 212.58.246.85 United Kingdom
Apr 5 07:52:13 217.79.188.21 Germany

 

[FlorianAwk]

You haven't said everything about 'geo'. 'getline' returns only one line. If your result is "United States", it could be because of a line "Country ..." placed before the one you need.

 

[rigstars2]

FlorianAwk,

geo script just returns the geographical location of the IP address. The only issue I have now is
the substitution part ..can't seem to separate the IP from :80 either using your code or PH's code.


grep 'TCP' IPs.txt | awk '{split($5,a,/:/);cmd="echo "$5"|geo|fgrep 'Country:'|cut -c 16-43";cmd|getline rslt;close(cmd);print "$2" "rslt}'

input file: TCP 210.128.108.48:80 in

 

[FlorianAwk]

What is the output of the following commands?

grep 'TCP' IPs.txt
grep 'TCP' IPs.txt|sed 's/:.* //'

 

[rigstars2]

grep 'TCP' IPs.txt

Apr 5 14:56:04 TCP 217.79.188.21:80 in
Apr 5 16:32:43 TCP 210.128.108.48:80 in
Apr 5 18:26:32 TCP 95.172.27.51:443 in

grep 'TCP' IPs.txt | sed 's/:.* //'

Apr 5 14in
Apr 5 16in
Apr 5 18in

 

[FlorianAwk]

Ok. Then, the good regular expression should be:

grep 'TCP' IPs.txt | sed 's/:[^:]* in/ in/'

 

[rigstars2]

thanks florianawk.. its removing the 2nd occurrence of the :
I need it to be done on the 3rd semicolon

its removing the seconds from the time instead of the port numbers from the IP