Regex and/or tokenizing shell script newbie - please help

[paulobrads]

I'm piping the results of a tcpdump to a shell script where I need to strip out SNMP OIDs and log just these.

The tcpdump output looks something like this:

16:58:54.480137 IP 10.215.140.27.4513 > 10.215.189.91.snmp:  GetRequest(28)  17.1.1
16:58:55.855419 IP 10.215.140.27.4514 > 10.215.189.91.snmp:  C=private SetRequest(35)  E:2011.6.3.3.1.1.6.0=3
16:58:56.086041 IP 10.215.140.27.4515 > 10.215.189.91.snmp:  C=private SetRequest(55)  E:2011.6.105.1.2.1.10.192.168.55.0.255.255.255.0.192.168.44.44.1.0=6
16:58:56.223718 IP 10.215.140.27.4516 > 10.215.189.91.snmp:  C=private SetRequest(55)  E:2011.6.105.1.2.1.6.192.168.11.11.255.255.255.0.192.168.66.66.1.0=22
16:58:56.246706 IP 10.215.140.27.4517 > 10.215.189.91.snmp:  C=private SetRequest(36)  E:2011.5.6.1.1.1.13.1111=6

The OID is always the last token of each line, can you recommend a way of stripping just this value? Grep or some string tokenizing function best?

Sorry to ask such an open ended question but hopefully you can help.

Cheers.

 

[LKBrwnDBA]

Try:

awk '{print $7;}' tcpdump

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[PHV]

The OID is always the last token of each line
awk '{print $NF}' /path/to/input

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[LKBrwnDBA]

Arrrrrggg...forgot the obvious $NF.



----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb