pipe to whois 2

[cheme]

Hi,

I'm trying to pipe info from awk to whois. Basically, I want a list of organizations that are accessing my server. When I do this:

$ awk '{print $5}' temp.log
199.71.0.43

$ awk '{print $5 | "wc"}' temp.log
1 1 12

$ awk '{print $5 | "whois"}' temp.log

I just get the whois help. I tried using xargs, but I do not quite understand it even after reading the man.

On a side note, I know that the output of whois is multiline. I'm also trying to figure out how to just get the org name out (trying to use the whois switches, but may just need to pipe to grep).

Thanks.

 

[feherke]

Hi

Are you sure [tt]whois[/tt] accepts/expects any input ? As far as I know, it does not. In change it has a mandatory parameter, not passed in your code.

So better try it like this :

awk '{while ((("whois "$5)|getline str)==1) printf "| %-75s |\n",str}' temp.log

Tested with [tt]gawk[/tt] and [tt]mawk[/tt].

Feherke.

http://rootshell.be/~feherke/

 

[cheme]

works great. thanks a million!!! man, getline seems to be a complex thing...glad you were willing to help.

 

[vgersh99]

or alternatively:

awk '{print "whois " $5}' temp.log | sh

vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+

 

[cheme]

thanks vgersh99.... piping output to shell...how clever!

now, i'm trying to remove certain IPs so I'm using this:

awk '$5 !~ /192.168.1.1/ {print "whois " $5}' pfirewall.log | sh

This works fine. Next, I want to start on row 6. This is where I have a problem:

awk 'NR==6,NR==100000 $5 !~ /192.168.55.50/ {print "whois " $5}' pfirewall.log | sh

It does not work. I get no output.

I also tried

awk '$5 !~ /192.168.55.50/ NR==6,NR==100000 {print "whois " $5}' pfirewall.log | sh

But this seems to not work at all.

Also, I am picking a random large number for the last record NR==100000 (is there a way to find the last number here)?

BTW, my final line is this:

awk '$5 !~ /192.168.55.50/ {print "whois " $5}' pfirewall.log | sh | grep OrgName | sort | uniq -c

Maybe there's a better way to do what I'm trying to achieve.

 

[Annihilannic]

I have never had any success combining a range expression with other expressions, not sure it's possible.

You can just use NR >= 6 to get all of the records from 6 onwards. You do however need to join your expressions together using some kind of boolean operator, otherwise they are considered separate expressions.

awk 'NR>=6 && $5 !~ /192.168.55.50/ {print "whois " $5}' pfirewall.log | sh

Annihilannic.

 

[feherke]

Hi

I have never had any success combining a range expression with other expressions, not sure it's possible.

You are right. Just to be sure :

[small]The pattern1, pattern2 form of an expression is called a range pattern. It matches all input records starting with a record that matches pattern1, and continuing until a record that matches pattern2, inclusive.[/small] It does not combine with any other sort of pattern expression.

is there a way to find the last number here

Nope.

Feherke.

http://rootshell.be/~feherke/

 

[PHV]

is there a way to find the last [line] number here
Sure (in *nix world):

BEGIN{"wc -l "FILENAME | getline;lastNR=$1+0}

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[feherke]

Hi

Sure (in *nix world)

Interesting world. The [tt]FILENAME[/tt] has value before any input file is processed. That certainly not works in [tt]gawk[/tt] and [tt]mawk[/tt] on Linux. :-(

Feherke.

http://rootshell.be/~feherke/