SED Help
Mike Vanecek
rh_list at mm-vanecek.cc
Sun May 16 14:27:39 UTC 2004
On Sun, 16 May 2004 10:12:21 -0400, Jason Dixon wrote
> On May 16, 2004, at 10:07 AM, Mike Vanecek wrote:
>
> > Given this text in packet.test2
> >
> > May 16 21:35:35 www kernel: icmp_try IN=eth0 OUT=
> > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.20.162
> > DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0xC0 TTL=241 ID=57923 PROTO=ICMP
> > TYPE=11
> > CODE=0 [SRC=66.76.12.5 DST=200.216.94.217 LEN=40 TOS=0x00 PREC=0x00
> > TTL=1
> > ID=25653 PROTO=TCP INCOMPLETE [8 bytes] ]
> > May 16 21:54:39 www kernel: icmp_try IN=eth0 OUT=
> > MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.7.98
> > DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=ICMP
> > TYPE=11
> > CODE=0 [SRC=66.76.12.5 DST=200.222.69.36 LEN=40 TOS=0x00 PREC=0x00
> > TTL=1
> > ID=62986 PROTO=TCP INCOMPLETE [8 bytes] ]
> >
> > Why does this command
> >
> > $ grep -i "`date '+%b %_d'`" packet.test2 | sed -re
> > 's/.*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]).*/\1/'
> > 66.76.12.5
> > 66.76.12.5
> >
> > pick up the second SRC rather than the first?
>
> I'm not a sed expert, but I'm guessing it's behaving "greedy",
> similar to perl regex. The first SRC actually falls within the ".*"
> portion of your match, and the last match is what counts.
I thought it would pick up the first? If I change the second SRC to SRX, then
it does pick up the first one.
What do I need to specify to make it pick up the first one?
More information about the redhat-list
mailing list