Command execution in sed while preserving unmatched part of the line - shell
It is simple - I have a data stream with IPv4 addresses encoded into hexadecimal representation like for example 0c22384e which stands for 12.34.56.78.
I figured out sed command with substitution of captured octets into decimal numbers separated by dot.
echo "0c22384e" | sed -E 's/([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/printf "%d.%d.%d.%d" 0x\1 0x\2 0x\3 0x\4/eg'
This works with a single number BUT as soon I add some text that is not supposed to be matched, it is also passed for the execution - via printf in this case.
How can I preserve the unmatched part of the line without being passed for the execution?
With only one address in a line you could use
echo "Something 0c22384e more" |
sed -r 's/(.*)([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})(.*)/"\1" 0x\2 0x\3 0x\4 0x\5 "\6"/' |
xargs -n6 printf '%s%d.%d.%d.%d%s\n'
EDIT:
Replaced solution for one line and more addresses
with solution for more lines (assuming no '\r' in the stream):
echo "Something 0c22384e more 0c22385e
Second line: 0c22386e and 0c223870
Third line: 0c22388e and 0c223890
4th line: 0c2238ae and 0c2238b0" |
sed 's/$/\r/' |
sed -r 's/[0-9a-f]{8}/\n&\n/g' |
sed -r 's/([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/printf '%d.%d.%d.%d' 0x\1 0x\2 0x\3 0x\4/e' |
tr -d '\n' |
tr '\r' '\n'
Related
Bash regex: get value in conf file preceded by string with dot
I have to get my db credentials from this configuration file: # Database settings Aisse.LocalHost=localhost Aisse.LocalDataBase=mydb Aisse.LocalPort=5432 Aisse.LocalUser=myuser Aisse.LocalPasswd=mypwd # My other app settings Aisse.NumDir=../../data/Num Aisse.NumMobil=3000 # Log settings #Aisse.Trace_AppliTpv=blabla1.tra #Aisse.Trace_AppliCmp=blabla2.tra #Aisse.Trace_AppliClt=blabla3.tra #Aisse.Trace_LocalDataBase=blabla4.tra In particular, I want to get the value mydb from line Aisse.LocalDataBase=mydb So far, I have developed this mydbname=$(echo "$my_conf_file.conf" | grep "LocalDataBase=" | sed "s/LocalDataBase=//g" ) that returns mydb #Aisse.Trace_blabla4.tra that would be ok if it did not return also the comment string. Then I have also tryed mydbname=$(echo "$my_conf_file.conf" | grep "Aisse.LocalDataBase=" | sed "s/LocalDataBase=//g" ) that retruns void string. How can I get only the value that is preceded by the string "Aisse.LocalDataBase=" ?
Using sed $ mydbname=$(sed -n 's/Aisse\.LocalDataBase=//p' input_file) $ echo $mydbname mydb
I'm afraid you're being incomplete: You mention you want the line, containing "LocalDataBase", but you don't want the line in comment, let's start with that: A line which contains "LocalDataBase": grep "LocalDataBase" conf.conf.txt A line which contains "LocalDataBase" but who does not start with a hash: grep "LocalDataBase" conf.conf.txt | grep -v "^ *#" ??? grep -v "^ *#" That means: don't show (-v) the lines, containing: ^ : the start of the line * : a possible list of space characters # : a hash character Once you have your line, you need to work with it: You only need the part behind the equality sign, so let's use that sign as a delimiter and show the second column: cut -d '=' -f 2 All together: grep "LocalDataBase" conf.conf.txt | grep -v "^ *#" | cut -d '=' -f 2 Are we there yet? No, because it's possible that somebody has put some comment behind your entry, something like: LocalDataBase=mydb #some information In order to prevent that, you need to cut that comment too, which you can do in a similar way as before: this time you use the hash character as a delimiter and you show the first column: grep "LocalDataBase" conf.conf.txt | grep -v "^ *#" | cut -d '=' -f 2 | cut -d '#' -f 1 Have fun.
You may use this sed: mydbname=$(sed -n 's/^[^#][^=]*LocalDataBase=//p' file) echo "$mydbname" mydb RegEx Details: ^: Start [^#]: Matches any character other than # [^=]*: Matches 0 or more of any character that is not = LocalDataBase=: Matches text LocalDataBase=
You can use mydbname=$(sed -n 's/^Aisse\.LocalDataBase=\(.*\)/\1/p' file) If there can be leading whitespace you can add [[:blank:]]* after ^: mydbname=$(sed -n 's/^[[:blank:]]*Aisse\.LocalDataBase=\(.*\)/\1/p' file) See this online demo: #!/bin/bash s='# Database settings Aisse.LocalHost=localhost Aisse.LocalDataBase=mydb Aisse.LocalPort=5432 Aisse.LocalUser=myuser Aisse.LocalPasswd=mypwd # My other app settings Aisse.NumDir=../../data/Num Aisse.NumMobil=3000 # Log settings #Aisse.Trace_AppliTpv=blabla1.tra #Aisse.Trace_AppliCmp=blabla2.tra #Aisse.Trace_AppliClt=blabla3.tra #Aisse.Trace_LocalDataBase=blabla4.tra' sed -n 's/^Aisse\.LocalDataBase=\(.*\)/\1/p' <<< "$s" Output: mydb Details: -n - suppresses default line output in sed ^[[:blank:]]*Aisse\.LocalDataBase=\(.*\) - a regex that matches the start of a string (^), then zero or more whiespaces ([[:blank:]]*), then a Aisse.LocalDataBase= string, then captures the rest of the line into Group 1 \1 - replaces the whole match with the value of Group 1 p - prints the result of the successful substitution.
Parsing CSV records when a value is multiline
Source file looks like this: "google.com", "vuln_example1 vuln_example2 vuln_example3" "facebook.com", "vuln_example2" "reddit.com", "stupidly_long_vuln_name1" "stackoverflow.com", "" I've been trying to get the output to be something like this but the line breaks seem to cause me no end of problems. I'm using a "while read line" job to do this because I do some processing on the columns (e.g Vulnerability count and url in this example). This is output into a jenkins job (yuk). The basic summary of the problem is getting the linebreaks in the csv to be output into the third column while retaining the table structure. I've got a sort of weird example of the desired output below. ||hostname ||Vulnerability count|| Vulnerability list || URL || |google.com |3 |vuln_example1 |http://cve.com/vuln_example1| | | |vuln_example2 |http://cve.com/vuln_example2| | | |vuln_example3 |http://cve.com/vuln_example3| |facebook.com |1 |vuln_example2 |http://cve.com/vuln_example2| |reddit.com |1 |stupidly_long_vuln_name1 |http://cve.com/stupidly_long_vuln_name1| |stackoverflow.com |0 | || Looking at this... I've got a feeling it might be easier by showing some code and example output.
Parsing your input with the command line below makes the problem easier (I'm assuming the inputs are correct): perl -0777 -pe 's/([^"])\s*\n/\1 /g ; s/[",]//g' < sample.txt This line invokes Perl to perform two regex substitutions: s/([^"])\s*\n/\1 /g: This substitution removes an end of line if it doesn't terminate by a quote " (i.e. if a host entry, with all vulnerabilities isn't yet complete). s/[",]//g removes all quotes and commas remaining. For each host entry like this one: "google.com", "vuln_example1 vuln_example2 vuln_example3" You'll get: google.com vuln_example1 vuln_example2 vuln_example3 Then you can assume for each line, you have an host and a set of vulnerabilities. The given example below stores vulnerabilities in an array and loop through it, formatting and printing each line: # Replace this by your custom function # to get an URL for a given vulnerability function get_vuln_url () { # This just displays a random url for an non-empty arg [[ -z "$1" ]] || echo "http://host/$1.htm" } # Format your line (see printf help) function print_row () { printf "%-20s|%5s|%-30s|%s\n" "$#" } # The perl line reformat perl -0777 -pe 's/([^"])\s*\n/\1 /g ; s/[",]//g' < sample.txt | while read -r line ; do arr=(${line}) print_row "${arr[0]}" "$((${#arr[#]} - 1))" "${arr[1]}" "$(get_vuln_url ${arr[1]})" #echo -e "${arr[0]}\t|$vul_count\t|${arr[1]}\t|$(get_vuln_url ${arr[1]})" for v in "${arr[#]:2}" ; do print_row " " " " "$v" "$(get_vuln_url ${arr[1]})" done done Output: google.com | 3|vuln_example1 |http://host/vuln_example1.htm | |vuln_example2 |http://host/vuln_example1.htm | |vuln_example3 |http://host/vuln_example1.htm facebook.com | 1|vuln_example2 |http://host/vuln_example2.htm reddit.com | 1|stupidly_long_vuln_name1 |http://host/stupidly_long_vuln_name1.htm stackoverflow.com | 0| | Update. If you don't have Perl, and if your file doesn't have tabulations, you can use this command as a workaround instead: tr '\n' '\t' < sample.txt | sed -r -e 's/([^"])\s*\t/\1 /g' -e 's/[",]//g' -e 's/\t/\n/g' tr '\n' '\t' replaces all ends of line by tabulations sed part acts like Perl line, except it deals with tabulations instead of ends of line and restores tabulations back to ends of line.
Using sed to find a string with wildcards and then replacing with same wildcards
So I am trying to remove new lines using sed, because it the only way I can think of to do it. I'm completely self taught so there may be a more efficient way that I just don't know. The string I am searching for is \HF=-[0-9](newline character). The problem is the data it is searching through can look like (Note: there are actual new line characters in this data, which I think is causing a bit of the problem) 1\1\GINC-N076\SP\RMP2-FC\CC-pVDZ\C12H12\R2536\09-Apr-2020\0\\# mp2/cc- pVDZ\\Squish3_Slide0\\0,1\H,0,0.,2.4822,0.\C,0,0.,1.3948,0.\C,0,0.,-1. 3948,0.\C,0,1.2079,0.6974,0.\C,0,-1.2079,0.6974,0.\C,0,-1.2079,-0.6974 ,0.\C,0,1.2079,-0.6974,0.\H,0,2.1497,1.2411,0.\H,0,-2.1497,1.2411,0.\H ,0,-2.1497,-1.2411,0.\H,0,2.1497,-1.2411,0.\H,0,0.,-2.4822,0.\C,0,0.,1 .3948,3.\C,0,0.,-1.3948,3.\C,0,1.2079,0.6974,3.\C,0,-1.2079,0.6974,3.\ C,0,-1.2079,-0.6974,3.\C,0,1.2079,-0.6974,3.\H,0,0.,2.4822,3.\H,0,2.14 97,1.2411,3.\H,0,-2.1497,1.2411,3.\H,0,-2.1497,-1.2411,3.\H,0,2.1497,- 1.2411,3.\H,0,0.,-2.4822,3.\\Version=ES64L-G09RevD.01\State=1-AG\HF=-4 61.3998608\MP2=-463.0005321\RMSD=3.490e-09\PG=D02H [SG"(C4H4),X(C8H8)] \\# OR 1\1\GINC-N076\SP\RMP2-FC\CC-pVDZ\C12H12\R2536\09-Apr-2020\0\\# mp2/cc- pVDZ\\Squish3.1_Slide0\\0,1\H,0,0.,2.4822,0.\C,0,0.,1.3948,0.\C,0,0.,- 1.3948,0.\C,0,1.2079,0.6974,0.\C,0,-1.2079,0.6974,0.\C,0,-1.2079,-0.69 74,0.\C,0,1.2079,-0.6974,0.\H,0,2.1497,1.2411,0.\H,0,-2.1497,1.2411,0. \H,0,-2.1497,-1.2411,0.\H,0,2.1497,-1.2411,0.\H,0,0.,-2.4822,0.\C,0,0. ,1.3948,3.1\C,0,0.,-1.3948,3.1\C,0,1.2079,0.6974,3.1\C,0,-1.2079,0.697 4,3.1\C,0,-1.2079,-0.6974,3.1\C,0,1.2079,-0.6974,3.1\H,0,0.,2.4822,3.1 \H,0,2.1497,1.2411,3.1\H,0,-2.1497,1.2411,3.1\H,0,-2.1497,-1.2411,3.1\ H,0,2.1497,-1.2411,3.1\H,0,0.,-2.4822,3.1\\Version=ES64L-G09RevD.01\St ate=1-AG\HF=-461.4104442\MP2=-463.0062587\RMSD=3.651e-09\PG=D02H [SG"( C4H4),X(C8H8)]\\# OR 1\1\GINC-N076\SP\RMP2-FC\CC-pVDZ\C12H12\R2536\09-Apr-2020\0\\# mp2/cc- pVDZ\\Squish3.3_Slide1.7\\0,1\H,0,0.,2.4822,0.\C,0,0.,1.3948,0.\C,0,0. ,-1.3948,0.\C,0,1.2079,0.6974,0.\C,0,-1.2079,0.6974,0.\C,0,-1.2079,-0. 6974,0.\C,0,1.2079,-0.6974,0.\H,0,2.1497,1.2411,0.\H,0,-2.1497,1.2411, 0.\H,0,-2.1497,-1.2411,0.\H,0,2.1497,-1.2411,0.\H,0,0.,-2.4822,0.\C,0, 0.,-0.3052,3.3\C,0,0.,-3.0948,3.3\C,0,1.2079,-1.0026,3.3\C,0,-1.2079,- 1.0026,3.3\C,0,-1.2079,-2.3974,3.3\C,0,1.2079,-2.3974,3.3\H,0,0.,0.782 2,3.3\H,0,2.1497,-0.4589,3.3\H,0,-2.1497,-0.4589,3.3\H,0,-2.1497,-2.94 11,3.3\H,0,2.1497,-2.9411,3.3\H,0,0.,-4.1822,3.3\\Version=ES64L-G09Rev D.01\State=1-AG\HF=-461.436061\MP2=-463.0177441\RMSD=7.859e-09\PG=C02H [SGH(C4H4),X(C8H8)]\\# OR 1\1\GINC-N076\SP\RMP2-FC\CC-pVDZ\C12H12\R2536\09-Apr-2020\0\\# mp2/cc- pVDZ\\Squish3.6_Slide0.9\\0,1\H,0,0.,2.4822,0.\C,0,0.,1.3948,0.\C,0,0. ,-1.3948,0.\C,0,1.2079,0.6974,0.\C,0,-1.2079,0.6974,0.\C,0,-1.2079,-0. 6974,0.\C,0,1.2079,-0.6974,0.\H,0,2.1497,1.2411,0.\H,0,-2.1497,1.2411, 0.\H,0,-2.1497,-1.2411,0.\H,0,2.1497,-1.2411,0.\H,0,0.,-2.4822,0.\C,0, 0.,0.4948,3.6\C,0,0.,-2.2948,3.6\C,0,1.2079,-0.2026,3.6\C,0,-1.2079,-0 .2026,3.6\C,0,-1.2079,-1.5974,3.6\C,0,1.2079,-1.5974,3.6\H,0,0.,1.5822 ,3.6\H,0,2.1497,0.3411,3.6\H,0,-2.1497,0.3411,3.6\H,0,-2.1497,-2.1411, 3.6\H,0,2.1497,-2.1411,3.6\H,0,0.,-3.3822,3.6\\Version=ES64L-G09RevD.0 1\State=1-AG\HF=-461.4376969\MP2=-463.0163868\RMSD=7.263e-09\PG=C02H [ SGH(C4H4),X(C8H8)]\\# Basically the number I am looking for can be broken up into two lines at any point based on character count. I need to get rid of the newline breaking up the number so that I can extract the entire value into a separate file. (I have no problems with the extraction to a new file, hence why it isn't included in the code) Currently I am using this code sed -i ':a;N;$!ba;s/HF=-*[0-9]*\n/HF=-*[0-9]*/g' $i && Which ALMOST works, expect it doesn't replace the wildcard values with the same values. It replaces it with the actual text [0-9] instead and doesn't always remove the new line character. Important to the is that THERE ARE ACTUAL NEW LINE CHARACTERS in the output file and there is no way to change that without messing up the other 30 lines I am extracting from this output file. What I want is to just get rid of the newline characters that occur when that string is found, regardless of how many digits there are in between the - sign and the newline character. So the expected output would be something like 1\1\GINC-N076\SP\RMP2-FC\CC-pVDZ\C12H12\R2536\09-Apr-2020\0\\# mp2/cc- pVDZ\\Squish3_Slide0\\0,1\H,0,0.,2.4822,0.\C,0,0.,1.3948,0.\C,0,0.,-1. 3948,0.\C,0,1.2079,0.6974,0.\C,0,-1.2079,0.6974,0.\C,0,-1.2079,-0.6974 ,0.\C,0,1.2079,-0.6974,0.\H,0,2.1497,1.2411,0.\H,0,-2.1497,1.2411,0.\H ,0,-2.1497,-1.2411,0.\H,0,2.1497,-1.2411,0.\H,0,0.,-2.4822,0.\C,0,0.,1 .3948,3.\C,0,0.,-1.3948,3.\C,0,1.2079,0.6974,3.\C,0,-1.2079,0.6974,3.\ C,0,-1.2079,-0.6974,3.\C,0,1.2079,-0.6974,3.\H,0,0.,2.4822,3.\H,0,2.14 97,1.2411,3.\H,0,-2.1497,1.2411,3.\H,0,-2.1497,-1.2411,3.\H,0,2.1497,- 1.2411,3.\H,0,0.,-2.4822,3.\\Version=ES64L-G09RevD.01\State=1-AG\HF=-461.3998608\MP2=-463.0005321\RMSD=3.490e-09\PG=D02H [SG"(C4H4),X(C8H8)] \\# These files are rather large and have over 1500 executions of this line of code, so the more efficient the better. Everything else in the script this is in is using a combination of grep, awk, sed, and basic UNIX commands. EDIT After trying sed -i -E ':a;N;$!ba;s/(\\HF=-?[.0-9]*)\n/\1/' $i && I still had no luck getting rid of those pesky new line characters. If it has any effect on the answers at all here is the rest of the code to go with the one line that is causing problems echo name HF MP2 mpdiff | cat > allE for i in *.out do echo name HF MP2 mpdiff | cat > $i.allE grep "Slide" $i | cut -d "\\" -f2 | cat | tr -d '\n' > $i.name && grep "EUMP2" $i | cut -d "=" -f3 | cut -c 1-25 | tr '\n' ' ' | tr -s ' ' >> $i.mp && grep "EUMP2" $i | cut -d "=" -f2 | cut -c 1-25 | tr '\n' ' ' | tr -s ' ' >> $i.mpdiff && sed -i -E ':a;N;$!ba;s/(\\HF=-?[.0-9]*)\n/\1/' $i && grep '\\HF' $i | awk -F 'HF' '{print substr($2,2,14)}' | tr '\n' ' ' >> $i.hf && paste $i.name >> $i.energies && sed -i 's/ /0 /g' $i.hf && sed -i 's/\\/0/g' $i.hf && sed -i 's/[A-Z]/0/g' $i.hf && paste $i.hf >> $i.energies && sed -i 's/[ABCEFGHIJKLMNOPQRSTUVWXYZ]//g' $i.mp && paste $i.mp >> $i.energies && sed -i 's/[ABCEFGHIJKLMNOPQRSTUVWXYZ]//g' $i.mpdiff && paste $i.mpdiff >> $i.energies && transpose $i.energies >> $i.allE #temp.txt && #cat temp.txt > $i.energies #echo $i is finished done echo see allE for energies #rm *.energies #temp.txt rm *.name rm *.mp rm *.hf rm *.mpdiff
Here is how you can fix your current attempt. sed -E ':a;N;$!ba;s/(\\HF=-?[.0-9]*)\n/\1/' Add the i flag if you want to make the changes on the file itself, add && to send the job to the background, etc. The -E flag is needed, because backreferences (see below) are part of extended regular expressions. I made the following changes: I changed -* to -? as there should be at most one dash (if I understand correctly and that is in fact a minus sign, not a dash). I added the period to the bracket expression, so that the decimal point would be matched too. (Note that in a bracket expression, the dot is a regular character). I wrapped the whole thing except the newline in parentheses - making it into a subexpression, which you can refer to with a backreference - which is what I did in the replacement part. A few notes though - this will join the lines even if the entire number is at the end of one line, but not followed by the closing \. If in fact the entire number being on one line, but the closing \ is on the next line, you can change the sed command slightly, to leave those alone. On the other hand, this does not handle situations where, for example, one line ends in \H and the next line begins with F=304.222\ You only mentioned "split number" in your problem statement; shouldn't you, though, also handle such cases, where the newline splits the \HF=...\ token, just not in the "number" portion of the token?
It looks like your input lines start with a space. I have ignored them in this solution. sed -rz 's/(AG\\HF=-[0-9]*)\n/\1/g' "$i"
How to parse strace in shell into plain text?
I've trace log generated by strace command like on running PHP by: sudo strace -e sendto -fp $(pgrep -n php) -o strace.log And the output looks like: 11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240\r\n\257\202\v\0?\0\0\0\2\27\10stdClass\24\7\21\3cid\21\6schema\21\4d\37ata\25\n\247\21\5block\24\6\21\6fields\24\f\21\3bid\24\2\5\21\4type 0\37erial\21\10not null\5\21\6module\24\4\16\7\21\7va\37rchar\21\6length\6#\16\t\5\21\7default\r\21\5de\2lta#\5\16\v\16\f\6 \35\7\16\r\21\0010\21\5t \207C\30#6\2\16\r\r n\4tatus#0\4\21\3int/\7\6\0\21\4size \222\finy\21\6weight\24\3 ;\0\22\300 \6\6region#8\340\5P\5custom\27\300,\17\16\23\16\24\21\nvisibility\340\t\34\7\5pages\24\2 \205\3\4tex#\206 \261\1it \365\0\5\240\0\377y\10\r\21\ftransl!N\2ble %\1ca!a\340\3Q\0\1n\31\vprimary key\24\1\6\0\16\6\21\vunique#\21\ts\24\1\21\3tmd\24\3 \31\0\20 2\v\n\6\2\16\16\21\7index \210\10\1\21\4list\24\5\240\36\0\21 \36\10\26\6\3\16\25\6\4\16\n \1\6\4\21\4name \7\0\na\317\2_ro\252\0\5!$\0\n \3\341\2\23\0\16\340\0\16A\214\2\21\3r!\354# \v\22\21\10unsigned\5#\332\0\36\213\0\n \213\0\16 l\6%\16!\24\1\16%\271\0%#p\5\16#\16$\21\f\200l\241b#n\2\4\16\6M\2\10\16&#E\4\21\4bod\201_\5\32\16\t\4\16\23B\\\2g\16\34 \30\3info .\0\7a\255\0\200#q!L\5\6forma\201\332B/!d\2\4\16\37 y\0*y\0 \225a;\240\201\2'\21\van\0_\207\200\2\5\16\1\340\0U =#U\1\16\3#\222 \212\2lob#O\n\23\16)\21\6expire#\30\342\0\26\7\21\7create\241\17< \25\0\n\203\1\"\177\0dY\0\22 \305\5\5small\240!a\32\0.\230\0.\240\240\0\1\240\240\3,\21\vb S\2kpo\"\313\2s\24\6!\220\2\t\21\2\241q\0\10 ?\4\21\tno \213\6ort\5\21\fm\";\3ine_A\313\232\241\3\2\5\16#\340\4\16!\345\340\0U\223\340\0'AC\4sourc\202\202\340\3\27\0\v\200\27\0_C\326\340\0074\1\16\21_\240\363\2\1\16\25\340\3\16\r\0\21\vmultipliers\31\0- \223\1\21\t\341\0\30B-\0\1!\10\0003a\253\0005\v\0005ac \327Dz\"\364 \20\0\10 \6\0 #\333\r\0165\16\36\0163\21\nidenti$x\nr\0166\21\vadmin_ce\10\21\5label\21\f\244H\6 hook\21\23\240\r\0_\340\1\375\fs\21\3api\24\4\21\5own F\0062\16C\16B\21\17 H\5imum_v \260$\25\7\6\1\21\17curr m\340\1\22!\242\0002\"\305\0022\21\20\340\1N\5_groupa\247\2\6\0163\352\0\10 \352\2\0164\5 \325C%\341\0P\341\5\220\1\0162aQA\26\4\16:\5\21\17\201\321\1 c\"$\5back\21#\340\7b\0_\200!\340\3\311\1\16\7C\340\0a!\312\1\no \300#\240!&}\241\237\0\0\242e\341\4n\5\16;\24\10\16< \7\2=\21\35\340\1m\0\320\0 \342\3XAz\v\16>\16G\16?\16#\16A\21\30\341\tT\201\5\1\21\22\200\243\0 B0\6 string#o\4toolsbD\1\16C \260\0D!D\4C\16L\16E!P\0F \3\201T\16G\21\21ckeditor_set%\266\0gE\323\0\5%Q\0# 4#\345!)\"w#\372\1\21\10\340\0!\0\1 \31\0\32\240\334\4#\16\n\21\10\300D \r\2O\21\25\300\r\6_input_\244+\340\16V\1\16+ \31\340\4h X\0\2!;\0# \245\0+ \247\0Q T\7R\21\26comme#/\0_%\266\2cko W\3pane ;\4\5\24\10\21\7#\v\0_\243\257\301\231\1\21\4F\35 !\340\1\22F\323\0021\21\10\"\311'B\0e#\223A\254&f`\346\"~\6\vcollap&q%\227\340\6\35\2\0\21\t\240\35\344\1a\3009\0\0#\212\300.\0001\200L$\247\1enFl\344\0\216\300,\0\1G\5\3view\340\0002\300\177 \372\0\1 K\0T!"..., 8196, MSG_NOSIGNAL|MSG_MORE, NULL, 0) = 8196 It sounds like these are represented by ordinary C escape codes. I've tried to decode them in shell by printf like: while read line; do printf "%s" "$line"; done < <(cat strace.log | head -n2) but it failed (looks like it doesn't make any sense): 11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240rn257202v0?00022710stdClass247213cid216schema214d37ata25n247215block246216fields24f213bid2425214type 037erial2110not null5216module244167217va37rchar216length6#16t5217defaultr215de2lta#516v16f6 35716r210010215t 207C30#6216rr n4tatus#04213int/760214size 222finy216weight243 ;022300 66region#83405P5custom27300,171623162421nvisibility340t3475pages242 20534tex#206 2611it 365052400377y10r21ftransl!N2ble %1ca!a3403Q01n31vprimary key2416016621vunique#21ts241213tmd243 31020 2vn621616217index 210101214list24524036021 3610266316256416n 164214name 70na3172_ro25205!$0n 3341223016340016A2142213r!354# v222110unsigned5#3320362130n 213016 l6%16!24116%2710%#p516#16$21f200l241b#n24166M21016&#E4214bod201_53216t41623B\2g1634 303info .07a2550200#q!L56forma201332B/!d241637 y0*y0 225a;2402012'21van0_207200251613400U =#U1163#222 2122lob#On2316)216expire#303420267217create24117< 250n2031"1770dY022 30555small240!a320.`2300.240240012402403,21vb S2kpo"3132s246!2202t212241q010... Is there any better way to parse the output of strace command to see plain strings passed to recvfrom/sendto? Ideally it is possible to print printable characters including new lines (\r\n), but cut-off NULLs and other non-printable characters?
The problem why read doesn't work, because shell is already escaping the characters, so the string is doubled escaped, therefore \r\n is printed as rn. To ignore escaping of characters by shell, you can use read -r which allow backslashes to escape any characters (so they're treated literally). Here is example: while read -r line; do printf "%b\n" "$line"; done < strace.log | strings Since it's a binary data, above example also includes strings command to display only printable strings. Strace also support printing all strings in hex when -x is specified, but it'll work the same. Here is the version to parse strace output in real-time: while read -r line; do printf "%b\n" "$line" | strings done < <(sudo strace -e recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>/dev/stdout) Further more strings, can be replaced by more specific filter using grep, to get only what is inside double quotes: grep -o '".\+[^"]"' | grep -o '[^"]\+[^"]' however this may still print binary formats. To avoid that, lets simplify the whole process, so lets define the following formatter alias: alias format-strace='grep --line-buffered -o '\''".\+[^"]"'\'' | grep --line-buffered -o '\''[^"]*[^"]'\'' | while read -r line; do printf "%b" $line; done | tr "\r\n" "\275\276" | tr -d "[:cntrl:]" | tr "\275\276" "\r\n"' where: grep -o '".\+[^"]"' - select double-quoted string with quotes grep -o '[^"]*[^"]' - select text within the double quotes while read -r line - store each line into $line and do some action (help read) printf "%b" $line - print line by expanding backslash escape sequences tr "\r\n" "\275\276" - temporarily replace \r\n into \275\276 tr -d "[:cntrl:]" - remove all control characters tr "\275\276" "\r\n" - restore new line endings then the complete example to trace some command (e.g. php) can look like: strace -e trace=read,write,recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>&1 | format-strace Check for similar example: How to view the output of a running process in another bash session? at Unix.SE
Print word between two characters by going backward in the line
I having problems in extracting the word from a line. What i want is that it picks the first word before the symbol # but after the /. Which is the only delimiter that stand out. A line looks like this: ,["https://picasaweb.google.com/111560558537332305125/Programming#5743548966953176786",1,["https://lh6.googleusercontent.com/-Is8rb8G1sb8/T7UvWtVOTtI/AAAAAAAAG68/Cht3FzfHXNc/s0-d/Geek.jpg",1920,1200] I want the word Programming. To get that line i am using this which narrows it down. sed -n '/.*picasa.*.jpg/p' 5743548866439293105 So i want it to pretty much find # and then go backward until it hit the first /. Then print it out. In this case the word should be Programming but could be anything. I want it to be as short as possible and have experimented with sed -n '/.*picasa.*.jpg/p' 5743548866439293105 | awk '$0=$2' FS="/" RS="[$#]"
You can do that with sed (slightly shortened for formatting but works on your original string as well): pax> echo ',["https://p.g.com/111/Prog#574' | sed 's/^[^#]*\/\([^#]*\)#.*$/\1/' Prog pax> Explaining in more detail: /---+------------------> greedy capture up to '/'. / | | | /------+---------> capture the stuff between '/' and '#'. | |/ | | || | /-+-----> everything from '#' to end of line. | || |/ | | || || | 's/^[^#]*\/\([^#]*\)#.*$/\1/' || \+---> replace with captured group. It basically searches for an entire line that has the pattern you want (first # following a /), whilst capturing (with the \( and \) brackets) just the stuff between / and #. The substitution then replaces the entire line with just that captured text you're interested in (via \1).
Using grep with some Perl regex extensions: echo $string | grep -P -o "(?<=/)[^/]+(?=#)" -P tells grep to use Perl extensions. -o tells grep to display only the matched text. To understand what gets matched, break the regex into three parts: (?<=/), [^/]+?, and (?=#). The first part says that the matched text must follow a '/', without including the '/' in the match. The second parts matches a string of non-'/' characters. The last part says that the matched text must be immediately followed by a '#', without including the '#' in the match. Another grep, using the "\K" feature to "throw away" the match up to the last '/' before the '#': # Match as much as possible up to a '/', but throw it away, then match as much as you can # up to the first # echo $string | grep -oP ".*/\K.+(?=#)" Using cut and awk to get the first field (splitting on #) followed by the last field (splitting on /): echo $string | cut -d# -f1 | awk -F/ '{print $NF}' Using some temporary variables and bash's parameter expansion facilities: $ FOO=["https://picasaweb.google.com/111560558537332305125/Programming#5743548966953176786",1,["https://lh6.googleusercontent.com/-Is8rb8G1sb8/T7UvWtVOTtI/AAAAAAAAG68/Cht3FzfHXNc/s0-d/Geek.jpg",1920,1200] $ BAR=${FOO%#*} # Strip the last # and everything after $ echo $BAR [https://picasaweb.google.com/111560558537332305125/Programming $ BAZ=${BAR##*/} # Strip everything up to and including the last / $ echo $BAZ Programming
This might work for you: sed '/.*\/\([^#]*\)#.*/{s//\1/;q};d' file