Any awk gurus on the list?
David Kelly
dkelly at hiwaay.net
Fri Aug 20 18:35:53 UTC 2010
On Fri, Aug 20, 2010 at 12:12:20PM -0500, Paul Schmehl wrote:
>
> But when I add an FS to the script, I get odd results:
>
> # awk '!/#/ { FS=";"; for (i=1; i<=NF; i++) { if ( $i ~ /sid/)
> {mtcmsg[sid]=$i; print mtcmsg[sid]}}}' <
> /usr/local/etc/snort/rules/mtc.rules.test
> sid:299913;
> sid:52123
> sid:3001441
> sid:1444
> sid:2008120
> sid:5001684
> sid:2001683
> sid:22466
> sid:2002750
> sid:3000003
> sid:292000032
> sid:22000032
> sid:3000000
> sid:2003070
> sid:2003484
> sid:2003603
> sid:31000004
> sid:299998
>
> Why is the first value indented and not stripped of the semi-colon?
Because field breaks occur first, then the match on the left, and only
when there is a match on the left is the script in {} executed. FS is
global so it sticks around for the next line of input.

I would suggest that you not try to learn awk on the command line but
put your script in a file. Then once you have it working and know what
you are doing put it on a single command line if it's simple enough.
--
David Kelly N4HHE, dkelly at HiWAAY.net
========================================================================
Whom computers would destroy, they must first drive mad.
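
Added example, not part of the original thread: the behaviour explained in the reply above, reproduced on constructed rule lines, next to a version that sets FS in a BEGIN block so every record is split the same way. The sample rules, the function names and the simplification of the posted action to a plain print are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample input (not from the thread): two active rules, one commented out.
sample_rules() {
cat <<'EOF'
alert tcp any any -> any 80 (msg:"constructed rule A"; content:"abc"; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed rule off"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"constructed rule B"; sid:1000003; rev:2;)
EOF
}

# As posted: FS is assigned inside the action. Record 1 has already been split
# on whitespace, so its field is "sid:1000001;". Every later record is split
# on ";" and the field keeps the blank that followed the previous ";".
sids_fs_in_action() {
    sample_rules | awk '!/#/ { FS=";"; for (i=1; i<=NF; i++) { if ($i ~ /sid/) { print $i } } }'
}

# FS set in BEGIN, before any record is read, so every record is split the
# same way. The leading blank is trimmed from a copy of the field.
sids_fs_in_begin() {
    sample_rules | awk '
        BEGIN { FS = ";" }
        !/#/ {
            for (i = 1; i <= NF; i++) {
                f = $i
                sub(/^[ \t]+/, "", f)
                if (f ~ /^sid:/) print f
            }
        }'
}

echo "FS assigned in the action:"; sids_fs_in_action
echo "FS assigned in BEGIN:";      sids_fs_in_begin
```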