The Greater Fool

Posts for Tag: awk

SymKat» SymKat | Five Text Processing Tools You Should Know

awk

With grep we found out how we could pull just the matching lines from a file. All we care about is the IP addresses used to log into symkat, though. We have a lot of information we don’t need and it’s making our eyes glaze over.

One trick we can do with awk is to show only the columns of information we want to know. In this case it’s the 8th column.

01 symkat@symkat:~$ awk '{print $8}' auth.log
02 10.0.0.234
03 172.16.32.56
04 192.168.1.100
05 10.0.0.234
06 10.0.0.234
07 172.16.32.56
08 10.0.0.234
09 172.16.32.56
10 172.16.32.56
11 10.0.0.234
12 10.0.0.234
13 10.0.0.234
14 192.168.1.100
15 10.0.0.234
16 symkat@symkat:~$

Awk expects to be given a pattern to match and an action and that’s exactly what we gave it. To understand how this works we have to understand a few key points about awk:

  1. Awk expects to be given a pattern to match and an action to run on input
  2. Awk assigns $1, $2, $3, and so on to correlate to the values of the input, split by white space. $1 = symkat.com in this example. $2 = sshd[]:

We did not include a pattern.  As such, awk will match on all lines.  The action we took was to print the eighth column.

It is worth noting that if I wanted additional information, such as both the username and the IP address a concatenation operator is not needed, the assumption is quoted text is literal (for instance, this quoting of a space between $6th value (username) and $8th value (IP Address):

01 symkat@symkat:~$ awk '{print $6 " " $8 }' auth.log
02 symkat 10.0.0.234
03 symkat 172.16.32.56
04 symkat 192.168.1.100
05 symkat 10.0.0.234
06 symkat 10.0.0.234
07 symkat 172.16.32.56
08 symkat 10.0.0.234
09 symkat 172.16.32.56
10 symkat 172.16.32.56
11 symkat 10.0.0.234
12 symkat 10.0.0.234
13 symkat 10.0.0.234
14 symkat 192.168.1.100
15 symkat 10.0.0.234
16 symkat@symkat:~$

One of my favorite unix commands along with grep, awk, gets a good writeup by SymKat. There's a reasonable Windows port at http://gnuwin32.sourceforge.net/packages/gawk.htm as part of the Gnu Win32 OSS project.