The Greater Fool

SymKat» SymKat | Five Text Processing Tools You Should Know


With grep we found out how we could pull just the matching lines from a file. All we care about is the IP addresses used to log into symkat, though. We have a lot of information we don’t need and it’s making our eyes glaze over.

One trick we can do with awk is to show only the columns of information we want to know. In this case it’s the 8th column.

01 [email protected]:~$ awk '{print $8}' auth.log

Awk expects to be given a pattern to match and an action and that’s exactly what we gave it. To understand how this works we have to understand a few key points about awk:

  1. Awk expects to be given a pattern to match and an action to run on input
  2. Awk assigns $1, $2, $3, and so on to correlate to the values of the input, split by white space. $1 = in this example. $2 = sshd[]:

We did not include a pattern.  As such, awk will match on all lines.  The action we took was to print the eighth column.

It is worth noting that if I wanted additional information, such as both the username and the IP address a concatenation operator is not needed, the assumption is quoted text is literal (for instance, this quoting of a space between $6th value (username) and $8th value (IP Address):

01 [email protected]:~$ awk '{print $6 " " $8 }' auth.log
02 symkat
03 symkat
04 symkat
05 symkat
06 symkat
07 symkat
08 symkat
09 symkat
10 symkat
11 symkat
12 symkat
13 symkat
14 symkat
15 symkat

One of my favorite unix commands along with grep, awk, gets a good writeup by SymKat. There's a reasonable Windows port at as part of the Gnu Win32 OSS project.