using grep 2

Status
Not open for further replies.

nrich239

Programmer
Jun 9, 2004
22
US
I'm running a program to go through an automatically generated report and I want it to pull out certain lines.

Right now I have the command

grep -i 'security violation by user'

but I need the 2 lines below it as well so I can see what user caused the violation.
There will always be 2 lines below this so don't worry about that.

Any help?

 
Code:
nawk -v pat='security violation by user' 'tolower($0) ~ pat { print; getline;getline; print }' myReportFile

vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+
 
The gnu grep has a -B option.

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
let me see if i've got this right

nawk -v pat='security violation by user' 'tolower($0) ~ pat { print; getline;getline; print }' myReportFile


nawk -v = runs it
pat = the pattern to search for
"tolower($0) = ?? dunno except that $0 shows the whole line
~ pat {print; getline;getline; print } = print pattern and get the two lines below it and print them as well

Am I close to following this?
 
nawk -v pat='security violation by user' 'tolower($0) ~ pat { print; getline;getline; print }' myReportFile


nawk -v = runs it
pat = the pattern to search for

-v pat='security violation by user'

assigns a variable 'pat' a value of the quoted string
"tolower($0) = ?? dunno except that $0 shows the whole line

converts the current line to all LOWER-CASE letters

~ pat {print; getline;getline; print } = print pattern and get the two lines below it and print them as well

compares the lower-cased current line to the value of the variable 'pat'. If 'pat' is found within a current line, prints out the current line, "eats up" the next line and prints the second line below the "matched" line.

Otherwise you were close enough.

vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+
 
Now the only question is how does nawk know the current line?
I don't have any loops running.

Currently when I run the program with the nawk command, it sits idle
 
Now the only question is how does nawk know the current line?
I don't have any loops running.
awk/nawk/*awk operate on a per-record basis. By default the record separator is a NEWLINE character. Therefore, awks iterate one line at a time.

Currently when I run the program with the nawk command, it sits idle

how do you execute the posted solution AND what is the name of the file you need to parse?

vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+
 
The name of the file is "G0003V00" (those are zeros)

#!/bin/ksh
##Script to find all instances of where the user tried to log on too many times

print -n 'Enter the file to scan: '
read ANS

print "Passwords not matched" > "results"

grep -i 'password not matched' $ANS >> "results"

print " " >> "results"
print "*****************************" >> "results"
print " " >> "results"
print "Logon suspended because of password violations" >> "results"
print " " >> "results"
print "*****************************" >> "results"
print " " >> "results"

grep -i 'suspended because of password' $ANS >> "results"

print " " >> "results"
print "*****************************" >> "results"
print " " >> "results"
print "Security violations" >> "results"
print " " >> "results"
print "*****************************" >> "results"
print " " >> "results"

grep -i 'security violation by user' $ANS >> "results"

nawk -v pat='security violation by user' 'tolower($0) ~ pat { printf; getline;getline; printf }' >> "results"

more results
 
nrich239: try to write shell
you are opening 'result' for write&&append 20 times
not important in this example, but in a big env...
Code:
rm -f ${result:=result}
[b]([/b]
statement .....
statement .....
statement .....
statement .....
statement .....
[b])]/b] >$result
 
sorry for typo, should be:
Code:
rm -f ${result:=result}
(
statement .....
statement .....
statement .....
statement .....
statement .....
) >$result
 
And, obviously, don't forget to give nawk an INPUT file if you don't want it to sit idle waiting for data from its standard input (probably your keyboard...)

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
I tried using:
nawk -f $ANS -v pat='security violation by user' 'tolower($0) ~ pat { printf; getline;getline; printf }' >> "results"


but I get the error
nawk: syntax error at source line 1
context is
>>> ** <<< ****************************************************
nawk: bailing out at source line 1

 
man awk

Code:
nawk -v pat='security violation by user' 'tolower($0) ~ pat { print; getline;getline; print }' $ANS >> "results"

vlad
+----------------------------+
| #include<disclaimer.h> |
+----------------------------+
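
An added example, not part of any post in this thread: a variant that prints the matched line and both lines that follow it, using a countdown instead of getline so a match near end-of-file or inside another match's window is still handled, and writing the results file with a single redirect. It assumes a POSIX `awk` in place of `nawk`; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# context_after PATTERN N FILE
# Print every line containing PATTERN (case-insensitive, fixed string,
# given in lower case) plus the N lines that follow it.
context_after() {
    awk -v pat="$1" -v n="$2" '
        index(tolower($0), pat) { left = n + 1 }   # (re)start the window on a match
        left > 0                { print; left-- }  # emit the match and trailing lines
    ' "$3"
}

# Constructed sample report (not real data).
make_sample() {
    cat > "$1" <<'EOF'
09:14:02 LOGON OK
09:15:10 SECURITY VIOLATION BY USER
         USER: JSMITH
         RESOURCE: PAYROLL.DAT
09:16:45 LOGOFF
09:20:31 Security Violation By User
         USER: ADOE
         RESOURCE: HR.DAT
EOF
}

# Build the whole results file with one redirect instead of many appends.
build_results() {
    report=$1
    out=$2
    {
        echo "Security violations"
        echo "*****************************"
        context_after 'security violation by user' 2 "$report"
    } > "$out"
}

sample=${TMPDIR:-/tmp}/sample_report.$$
make_sample "$sample"
build_results "$sample" "$sample.results"
cat "$sample.results"
rm -f "$sample" "$sample.results"
```

The input file is passed as the last argument to awk; without it awk reads standard input and appears to hang.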
 
Thanks guys, you've been extremely helpful.
it's kinda sad that I can come here and get help faster than calling up the unix guys at work because they complicate things 20 times more than they need to be.

Thanks again,
Nate
 