Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Converting pix logs

Status
Not open for further replies.
cspace

cspace

Technical User
Apr 14, 2005
4
NO
hi..
i am making a program to convert pix firewall logs and have some problems.

This is the code:
/* PIX Log Converter v1.0 */
/* For importing logs into ms sql server 2000*/
/* Usage: gawk -f pix_6_302013.awk pixlog.log > pix_6_302013.csv */

/PIX-6-302013/ {
str1 = ""
str2 = ","
sub("%",str1);
sub("/",str2);
sub("to",str1);
sub(")",str2);
gsub(/)/, "");
gsub(/\x2F/, ",");
print $1,$2","$3","$5","$10","$8","$7,$12,$14,$15;
}

This is a sample of the input log:
Dec 14 14:26:27 192.168.1.105 %PIX-6-302013: Built inbound TCP connection 280325 for outside:212.20.204.32/1912 (212.20.204.32/1912) to inside:192.168.1.111/443 (212.20.204.111/443)

This is the output i get:
Dec 14,14:26:27,PIX-6-302013:,280325,TCP,inbound outside:212.20.204.32,1912 inside:192.168.1.111,443 (212.20.204.111,443

This is the output i want, but don't understand how to do:
Dec 14, 14:26:27, PIX-6-302013, 280325, TCP, inbound, outside, 212.20.204.32, 1912, inside, 192.168.1.111, 443, 212.20.204.111

i need to remove the last port number, in this case its 443.
 
Sort by date Sort by votes
You may try this:
sub("/",str2);sub("/[0-9]+) *$",str1)

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Upvote 0 Downvote
thanx..it removed the last 443, but still i need to separate each field by comma and remove the unnecessary chars
 
Upvote 0 Downvote
My previous post should be read:
Replace this:
sub("/",str2);
By this:
sub("/",str2);sub("/[0-9]+) *$",str1)

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Upvote 0 Downvote
What about this ?
BEGIN{OFS=","}
/PIX-6-302013/ {
gsub(/[%:]/,"",$5)
gsub(/[\/:]/,",",$12)
gsub(/[\/:]/,",",$15)
gsub(/[(]|\/.*/,"",$16)
print $1" "$2,$3,$5,$10,$8,$7,$12,$15,$16
}

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Upvote 0 Downvote
thanx it solved the problem, i also realized that i can just put field separator to the problematic chars and just add the chars i needed on print..
thanx for the help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

userand
  • Locked
  • Question
Converting numbers
Replies
4
Views
57
feherke
feherke
Cybex1
  • Locked
  • Question
Filename parsing from logs
Replies
6
Views
140
Annihilannic
Annihilannic
Castle22
  • Locked
  • Question
Converting row to columns
Replies
2
Views
62
Castle22
Castle22
starlight2003
  • Locked
  • Question
Converting dates in text file to mysql format
Replies
2
Views
51
starlight2003
starlight2003
Darshh
  • Locked
  • Question
converting a sed comande to awk
Replies
3
Views
42
PHV
PHV

Part and Inventory Search

Sponsor

Back
Top