1 |
On Thu, Jul 07, 2005 at 07:18:26PM +0100, Michael Thompson wrote: |
2 |
> I am trying to extract information in my logs for a abuse department and am |
3 |
> using the code: |
4 |
> |
5 |
> Code: |
6 |
> |
7 |
> zcat /var/log/messages.*?.gz | grep 212.56.68.108 >> /home/mike/abuse1 |
8 |
> |
9 |
> The logs are standard: messages.??.gz |
10 |
> |
11 |
> However, when I examine the output, it starts on the 1st may, however the logs |
12 |
> contain details from the 25th Febuary. What am I doing wrong? |
13 |
|
14 |
This isn't the cause of your problem (which has probably been solved by some |
15 |
of the other posts), but don't forget that grep matches regexps, not strings, |
16 |
and "." in a regexp matches any single character. Therefore your code will match |
17 |
"212a56b68c108" (for example), as well as the ip you probably intended to match. |
18 |
|
19 |
To make sure you only match the ip, you'll need to escape the .s and surround |
20 |
the regexp by quotes: |
21 |
|
22 |
grep '212\.56\.68\.108' |
23 |
|
24 |
I'm probably telling you things you already know ;-) And it probably won't |
25 |
matter much anyway, but I thought I'd mention it in case it helps someone. |
26 |
|
27 |
Toby |
28 |
-- |
29 |
Quantum Information Theory group |
30 |
Max Planck Institute for Quantum Optics |
31 |
Garching, Germany |
32 |
|
33 |
email: toby@××××××××.org |
34 |
web: www.dr-qubit.org |
35 |
-- |
36 |
gentoo-user@g.o mailing list |