0

ok so i have some code that need help

Using AWK scan file and extract the lines that have activity for the IP address 192.168.122.1

Print out 3 lines of output 

 a) date/time first activity on the IP address was detected b) date/time last activity on the IP address was detected c) Total number of events detected on the IP address
Improve this question
5
  • Can you give some examples of how the input data is formatted? Commented Aug 16, 2017 at 1:13
  • Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Withdrawing address record for fe80::f16:e258:f40e:ee97 on ens33. Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Withdrawing address record for 192.168.15.150 on ens33. Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Withdrawing workstation service for ens33. Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Withdrawing workstation service for lo. Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Host name conflict, retrying with CentOSBind-152 Aug 10 06:44:19 CentOSBind avahi-daemon[676]: Registering new address record for 192.168.122.1 on virbr0.IPv4. Commented Aug 16, 2017 at 1:15
  • its a basic log file. i need to print out the first time the ip addrees appears. then the last time it appears Commented Aug 16, 2017 at 1:16
  • Thanks, I posted a basic answer below. If that doesn't work for you, could you edit your question to include the formatted input data (instead of in a comment) and also the desired output format? Commented Aug 16, 2017 at 1:21
  • Show us the code you need help with so we can help you with it. Commented Aug 16, 2017 at 3:14

1 Answer 1

Reset to default
2

Based on what you've said so far, something like this might work for you:

# find all lines containing the IP grep -F 192.168.122.1 FILE > tmp head -n1 tmp # print first such line tail -n1 tmp # print last such line wc -l tmp # count the number of such lines

If you must use awk, here is one way:

# invoke as: # awk -f this_file.awk FILE BEGIN { count = 0 } /192\.168\.122\.1/ { if (count == 0) { print $0 # print the first line containing the IP last = $0 # in case the first line also happends to be the last count = 1 } else { count += 1 # record that another line contained the IP last = $0 # remember this line in case it ends up being the last } } END { if (count > 0) { print last # print the last line containing the IP } print count }
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

thank you its works. but the problem i need a solution using AWK is some way
@ryanharmon Why do you need awk? Sounds like it might be an important part of the question.
in a class we are experimenting with AWK command and using it in scripts. as the actual out put is not important the execution is though
@ryanharmon I have updated my answer with an awk solution as well

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.