Summary: Script problem

From: Michael Will (Michael_Will@kingcrab.nrl.navy.mil)
Date: Wed Mar 24 1999 - 07:13:46 CST


Thanks to all who responded to my question about my script problem.
In short I did get an answer (and there were many). Below are some
of the responses that I got that worked. One response was a detailed
problem of why I was getting the error, very helpful...

Names are mentioned below as well, since a few people recommended the
same solution. If I have left anyone out, please it was not
intentional...

It should be noted that I was told several times to NOT use csh, but
sh or ksh. However, when you are learning, it helps to pick
something that you are familiar with and at a later time migrate over
to another script language. I can't refute any comments made since
I'm not an expert script writer, but when time is short and you need
something quick, one can't always pick the best solution especially
when it comes to writing scripts. Plus I'm learning csh and even if
my script is crude, it can only get better... Hopefully :) Again
thanks for your help.

Here is a helpful site that explains why you should NOT use csh:
http://language.perl.com/versus/csh.whynot

Also noted, swatch was brought up as a program to monitor log files.
I haven't used it, but heard it was very useful:
ftp://ftp.stanford.edu/general/security-tools/swatch

-------

Question...
> My problem is that the set command that assigns my variable LOG_LINE
> doesn't like the characters of "[" and I get an error message: "set:
> No match". I have tried to use sed to replace the "[" with
> something else, but sed fails as well.
> Command that fails:
> set LOG_LINE = `/bin/line` < TEMP_FILE
>
> Example log: (TEMP_FILE)
> Mar 16 11:11:26 host1 in.telnetd[1892]: connect from mac-john.x.x.x
> Mar 16 11:12:26 host1 in.telnetd[1892]: connect from mac-john.x.x.x
> Mar 16 11:13:26 host1 in.telnetd[1892]: connect from mac-john.x.x.x

--------

Summary.... (Solutions that worked):

- set LOG_LINE = "`/bin/line < TEMP_FILE`"

- sed -e s/"\["//g -e s/"\]"//g (I reported that sed fails, but I
messed up on the various "/[\", but if you get it right it works. )

- There are two things associated with this problem. The first one is the
evaluation of the right-hand side of the 'set' command. The following will not
work:

        set VAR=something [something else]

The shell interprets 'something' as an array because it sees the brackets. In
order to make something like this work you have to quote the right side:

        set VAR="something [something else]"

Then you also have a problem when you reference a variable whose value looks
like an array variable. Even though VAR (in our example) contains the value
'something [something else]', an expansion of $VAR will fail with 'no match'.
The C shell thinks that $VAR is an array variable and tries to evaluate it
before it yields the value. This, of course, fails in our case, because
'something' is not an array. The only way to make this work is quoting.
Whenever you want to expand $VAR you have to wrap it in double quotes:

        echo "$VAR"

Let's correct your script. Your assignment

        set LOG_LINE = `/bin/line` < TEMP_FILE

is correct (the back quotes tell the shell not to evaluate the left hand side
any further). Then, whenever you need $LOG_LINE you have to put it in double
quotes. Try it - it will work.

A very good source for information about the C shell is the man page. It's a
little dense but very, very rich in information.

--------
(Haven't tried, but might work):

- you can use tr or sed command to strip unwanted chars

- while read LOG_LINE ; do
   <<whatever you want to do with LOG_LINE>>
  done < TEMP_FILE

- tr -d "[='['=]" <outfile>newoutfile; Then run your script against newoutfile

- Using sh/ksh/bash syntax: while read x ; do echo "$x" ; done < foo

- set noglob
  set LOG_LINE = `/bin/line` < TEMP_FILE
  unset noglob

- set LOG_LINE = `/bin/line | sed -e 's/\[/</g' -e 's/]/>/g'` < TEMP_FILE

Script Example that was included:
-------------------------------------- (cut here) ---------------------
#!/bin/sh
#
# Read input that looks like this:
#
# Mar 16 11:11:26 host1 in.telnetd[1892]: connect from mac-tom.x.x.x
# Mar 16 11:12:26 host1 in.telnetd[1892]: connect from mac-dick.x.x.x
# Mar 16 11:13:26 host1 in.telnetd[1892]: connect from mac-harry.x.x.x
# Mar 16 11:13:27 host1 in.telnetd[1892]: connect from mac-harry.x.x.x
# Mar 16 11:13:28 host1 in.telnetd[1892]: connect from mac-harry.x.x.x
#
# Write a short report that looks like this:
#
# # Logins Userid
# -------- ------
# 1 mac-dick.x.x.x
# 1 mac-tom.x.x.x
# 3 mac-harry.x.x.x

PATH=/bin:/usr/sbin
export PATH

logfile="tmpfile"

grep telnetd $logfile | # read telnet sessions ...
        sed -e 's/.*connect from //' | # ... save only userid
        sort | # ... sort by userid
        uniq -c | # ... count unique lines
        sort -n | # ... sort by count
        awk 'BEGIN {
                printf "# Logins\tUserid\n";
                printf "--------\t------\n";
        }
        {
                printf "%8d\t%s\n", $1, $2
        }' # ... and format nicely.

exit 0
-------------------------------------- (cut here) ---------------------

Thanks to:
Hahn Kyu Chung <hchung@hp6.cems.umn.edu>, Mark.Neill@fanb.com, Damir
Delija <ddelija@srce.hr>, timothy.p.peterman@lmco.com,
ranks@avnasis.jccbi.gov, sweth@astaroth.nit.gwu.edu,
Jonathan.Loh@BankAmerica.com, Craig Raskin <raskin@compusec.org>,
Michael Hocke <michaelh@slmd.com>, u-kevin@megami.veritas.com,
vogelke@c17mis.region2.wpafb.af.mil, tim@dciem.dnd.ca,
birger@sdata.no, gerhard@james.jason.nl

--
                              |   Voice: (202) 404-3740 or
Michael Will                  |   Voice: (202) 767-9196 Ext. 226
Naval Research Lab Code 8140  |   Fax:   (202) 404-8918
4555 Overlook Ave. SW         |   E-mail: will@kingcrab.nrl.navy.mil
Washington, DC 20375          |   Skypage: 1-800-SKY-PAGE #1528803 or
                              |   1528803@skytel.com

Key fingerprint = B5BC B3BB 8995 D642 309F 9A12 9C4F D4A2 9774 DD13
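
Added example, not part of the original post or of any reply quoted in it: the quoting rule from the thread carried over to the sh `while read` loop that several replies suggested. The function names, the temporary file name and the sample log lines are constructed for illustration; the first function shows what an unquoted expansion does to a bracketed log field, the second extracts the PID and source host without ever exposing the line to filename expansion.

```shell
#!/bin/sh
# Constructed sample input, same shape as the log lines in the post.
sample_log() {
cat <<'EOF'
Mar 16 11:11:26 host1 in.telnetd[1892]: connect from mac-tom.x.x.x
Mar 16 11:12:26 host1 in.telnetd[1893]: connect from mac-dick.x.x.x
Mar 16 11:13:26 host1 in.telnetd[1894]: connect from mac-harry.x.x.x
Mar 16 11:13:27 host1 in.ftpd[2001]: connect from mac-harry.x.x.x
EOF
}

# csh aborts with "No match" on an unquoted [1892]; sh keeps going, and if a
# file in the current directory happens to match the pattern it silently
# substitutes the file name into the data. Quoting prevents both outcomes.
glob_demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/in.telnetd1:"        # constructed file that [1892] can match
    line='host1 in.telnetd[1892]: connect'
    if [ "$1" = quoted ]; then
        ( cd "$dir" && echo "$line" )
    else
        ( cd "$dir" && echo $line )    # deliberately unquoted
    fi
    rm -rf "$dir"
}

# Print "pid host" for each telnetd connect line on stdin.
# IFS= and -r keep leading blanks and backslashes in the line intact.
telnet_connects() {
    while IFS= read -r line; do
        case "$line" in
            *'in.telnetd['*']: connect from '*) ;;   # quoted, so [ ] are literal
            *) continue ;;
        esac
        pid=${line#*'in.telnetd['}     # drop everything up to the bracket
        pid=${pid%%']'*}               # keep only the digits before ]
        host=${line##*'connect from '}
        printf '%s %s\n' "$pid" "$host"
    done
}

sample_log | telnet_connects
```

The same rule applies to any field an outside party can influence, such as the reported host name: treat the log line as data and quote every expansion of it.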


