SED Help

Michael Schwendt fedora at wir-sind-cool.org
Sun May 16 14:49:18 UTC 2004


On Sun, 16 May 2004 09:07:43 -0500, Mike Vanecek wrote:

> Given this text in packet.test2
> 
> May 16 21:35:35 www kernel: icmp_try IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00  SRC=144.232.20.162
> DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0xC0 TTL=241 ID=57923 PROTO=ICMP TYPE=11
>  CODE=0 [SRC=66.76.12.5 DST=200.216.94.217 LEN=40 TOS=0x00 PREC=0x00 TTL=1
> ID=25653 PROTO=TCP INCOMPLETE [8 bytes] ]
> May 16 21:54:39 www kernel: icmp_try IN=eth0 OUT=
> MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.7.98
> DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=ICMP TYPE=11
> CODE=0 [SRC=66.76.12.5 DST=200.222.69.36 LEN=40 TOS=0x00 PREC=0x00 TTL=1
> ID=62986 PROTO=TCP INCOMPLETE [8 bytes] ]
> 
> Why does this command
> 
> $ grep -i "`date '+%b %_d'`" packet.test2  | sed -re
> 's/.*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]).*/\1/'
> 66.76.12.5
> 66.76.12.5
> 
> pick up the second SRC rather than the first?
> 
> My brain, eyes, or both are just not finding it...

Because the regular expression .* at the beginning matches the longest
substring possible. That includes everything up to the second SRC=
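The behaviour described in this reply, as an added example that is not part of the original thread: the greedy match beside two ways of taking the leftmost `SRC=`, which is the address of the packet that actually arrived (the bracketed `SRC=` is the header quoted inside the ICMP error). Assumptions: GNU sed (for `\n` in the replacement), hypothetical function names, and the question's two log entries rejoined onto single lines as sample input.

```shell
#!/bin/sh
# Added example. Sample input: the two entries from the question, each rejoined
# onto one line (the mail wrapped them). All function names are hypothetical.
sample_log() {
cat <<'EOF'
May 16 21:35:35 www kernel: icmp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.20.162 DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0xC0 TTL=241 ID=57923 PROTO=ICMP TYPE=11 CODE=0 [SRC=66.76.12.5 DST=200.216.94.217 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=25653 PROTO=TCP INCOMPLETE [8 bytes] ]
May 16 21:54:39 www kernel: icmp_try IN=eth0 OUT= MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=144.232.7.98 DST=192.168.1.95 LEN=56 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=66.76.12.5 DST=200.222.69.36 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=62986 PROTO=TCP INCOMPLETE [8 bytes] ]
EOF
}

# Greedy form: the leading .* swallows as much as it can, so the capture
# lands on the LAST SRC= in the line (the one inside the brackets).
greedy_src() {
  sed -En 's/.*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p'
}

# Leftmost form: with no leading .*, the regex engine reports the first
# SRC= it finds. Replace from there to end of line with "newline + address",
# then delete everything up to that newline.
first_src() {
  sed -En 's/SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\n\1/; s/.*\n//p'
}

# Every SRC= on the line, left to right: outer address first, then the
# address from the quoted header, so neither is silently dropped.
all_src() {
  awk '{
    rest = $0; out = ""
    while (match(rest, /SRC=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
      out = out (out == "" ? "" : " ") substr(rest, RSTART + 4, RLENGTH - 4)
      rest = substr(rest, RSTART + RLENGTH)
    }
    if (out != "") print out
  }'
}

sample_log | all_src
```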




