I'm trying to filter remote machine mac address , IP and hostname from 100 machines. Initially I'm capturing the information using below command.
$for i in `cat IP`;do in ssh root#$IP "ifconfig eth0 && hostname " ;done
eth0 Link encap:Ethernet HWaddr 00:MN:77:TR:XX:ZZ
inet addr:192.168.122.25 Bcast:192.168.122.255
Mask:255.255.224.0
test.com-112304
eth0 Link encap:Ethernet HWaddr 00:TT:77:MM:XX:YY
inet addr:192.168.122.22 Bcast:192.168.122.255
Mask:255.255.224.0
test.com-11035
Initially the output redirect to one file. from their I need to process output which comes in the above format.
I can able to accomplish to print IP and mac by line as follows
$cat input | awk '/HWaddr/{printf $NF;printf " ";getline;print $2;}' | cut -c1-18,24-
00:MN:77:TR:XX:ZZ 192.168.122.25
00:TT:77:MM:XX:YY 192.168.122.22
Actually I want to include hostname along with the output as follows
00:MN:77:TR:XX:ZZ 192.168.122.25 test.com-112304
00:TT:77:MM:XX:YY 192.168.122.22 test.com-11035
test.com will be common name for all hostname. I tried redirect both output in two variable and called as follows , but no luck.
a=`cat input | awk '/HWaddr/{printf $NF;printf " ";getline;print $2;}' | cut -c1-18,24-`
b=`grep test.com input`
echo $a $b | xargs -n2
Please shed some views
I'm trying to filter remote machine mac address , IP and hostname from 100 machines.
Machine mac address, from here: cat /sys/class/net/eth0/address
You have hostname utility, why don't you just hostname -i? You can parse ifconfig | grep inet | awk '{print $2}' | sed 's/addr://' and hope ifconfig versions are the same across all machines (some ifconfig verions return inet <ip> some return inet addr:<ip> like yours).
Hostname with hostname
Putting together:
echo $(cat /sys/class/net/eth0/address) $(ifconfig eth0 | grep inet | awk '{print $2}') $(hostname)
Executing a command for each line in some file is a job for xargs and remember about properly escaping your arguments:
cat IP | xargs -n1 -I{} ssh root#{} 'echo $(cat /sys/class/net/eth0/address) $(ifconfig eth0 | grep inet | awk '\''{print $2}'\'' | sed '\''s/addr://'\'') $(hostname)'
If you really have 100 machines, ansible might interest you.
If you really have that "input" file and you can't change it, you may parse it like this:
sed 's/eth0/#eth0/' input \
| xargs -d'#' -n1 -- bash -c '{ echo "$1" | grep HWaddr | awk "{print \$5}"; echo "$1" | grep inet | awk "{print \$2}" | sed "s/addr://"; echo "$1" | grep "^test.com"; } | tr "\n" " "; echo' --
And this hurts my eyes:
for i in `cat IP`; then
Related
I want to see what countries are trying to access my VPS. I have installed a tool called "goiplookup", which was forked from another effort called "geoiplookup". If I type this at the command line:
goiplookup 8.8.8.8
It returns this:
US, United States
So I figured out how to get a list of IPs that are trying to access my server by using this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}'
Which gives a long list of IPs like this:
1.1.1.1
2.2.2.2
3.3.3.3
I cannot figure out how to get this list of IPs to be processed by the "goiplookup" tool. I tried this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | goiplookup
but that did not work. I also tried with no luck:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | xargs -0 goiplookup
Try this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq | xargs -n 1 goiplookup
I added | sort | uniq to ensure each IP only appears once
and xargs -n 1 so that each found IP is processes by goiplookup
I would put it into a file and make a small utility to parse it:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort -u > ./file.txt
cat ./file.txt | while read -r line; do
temp$(echo $line)
goiplookup $temp
done
This will read through the file one line at a time and execute the goiplookup with each IP.
sudo grep disconnect /var/log/auth.log | awk '!/COMMAND/ && !seen[$0]++ {system("geoiplookup \""$9"\""}
Note that geoiplookup only allows one IP per invocation.
The whole thing can be done in awk, but using grep allows the rest to be run unprivileged.
Consider whether grep -w (match whole word) is appropriate, and in awk you can do a similar thing with !/(^|[^[:alnum:]_])COMMAND($|[^[:alnum:]_])/.
I just made a shell script, which works.
#!/bin/bash
readarray -t array < <(sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq)
for ip in "${array[#]}"
do
:
country=$(/usr/local/bin/goiplookup -c $ip)
echo "$ip $country"
done
I'm working on a script, that should find certain disks and add hostname to them.
I'm using this for 40 servers with a for loop in bash
#!/bin/bash
for i in myservers{1..40}
do ssh user#$i findmnt -o SIZE,TARGET -n -l |
grep '1.8T\|1.6T\|1.7T' |
sed 's/^[ \t]*//' |
cut -d ' ' -f 2 |
awk -v HOSTNAME=$HOSTNAME '{print HOSTNAME ":" $0}'; done |
tee sorted.log
can you help out with the quoting here? It looks like awk gets piped (hostname) from localhost, not the remote server.
Everything after the first pipe is running locally, not on the remote server.
Try quoting the entire pipeline to have it run on the remote server:
#!/bin/bash
for i in myservers{1..40}
do ssh user#$i "findmnt -o SIZE,TARGET -n -l |
sed 's/^[ \t]*//' |
cut -d ' ' -f 2 |
awk -v HOSTNAME=\$HOSTNAME '{print HOSTNAME \":\" \$0}'" ;
done | tee sorted.log
This is a shorter version of your stuff:
findmnt -o SIZE,TARGET -n -l |
awk -v HOSTNAME=$HOSTNAME '/M/{print HOSTNAME ":" $2}'
Applied to the above:
for i in myservers{1..40}
do ssh user#$i bash -c '
findmnt -o SIZE,TARGET -n -l |
awk -v HOSTNAME=$HOSTNAME '"'"'/M/{print HOSTNAME ":" $2}'"'"' '
done |
tee sorted.log
see: How to escape the single quote character in an ssh / remote bash command?
#!/bin/bash
vm1_MAC=`virsh -c qemu:///system domiflist instance-00000009 -e | grep virbr0 | awk '{print $5}'`
vm2_MAC=`virsh -c qemu:///system domiflist instance-0000000d -e | grep -i virbr0 | awk -e '{print $5}'`
vm1_IP=`arp -e | grep $vm1_MAC | awk '{print $1}'`
vm2_IP=`arp -e | grep $vm2_MAC | awk '{print $1}'`
echo "VM1 IP Address: $vm1_IP"
echo "VM2 IP Address: $vm2_IP"
The shell script was meant to display the IP addresses of my two openstack instances but I am receiving grep command option error:
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
VM1 IP Address:
VM2 IP Address:
Is there anyone here who can assist me as I am not a bash script expert, just need to do this to get some tasks done. Thank you
This message typically happens when you try to grep for a string which starts with a dash.
The immediate workaround is to use grep -e "$variable" but really, you want to avoid the useless use of grep here.
#!/bin/bash
vm1_MAC=$(virsh -c qemu:///system domiflist instance-00000009 -e | awk "/virbr0/"'{print $5}')
vm2_MAC=$(virsh -c qemu:///system domiflist instance-0000000d -e | awk -e 'tolower($0) ~ /vibr0/ {print $5}')
vm1_IP=$(arp -e | awk -v mac="$vm1_MAC" '$0 ~ mac {print $1}')
vm2_IP=$(arp -e | awk -v mac="$vm2_MAC" '$0 ~ mac {print $1}')
Incidentally, this also demonstrates three different ways to pass a regex to Awk. Notice as well how we prefer the modern $(command) substitution over the dinosaur `backtick` syntax.
Problem description:
I want to print only the source and destination address from a tcpdump[1].
Have one working solution, but believe it could be improved a lot. An example that captures 5 packets, just as an example of what I'm looking for:
tcpdump -i eth1 -n -c 5 ip | \
cut -d" " -f3,5 | \
sed -e 's/^\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\..* \([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*$/\1 > \2/'
Question:
Can this be done in any easier way? Performance is also an issue here.
[1] A part of a test if the snort home_net is correctly defined, or if we see traffic not defined in the home_net.
Solution:
Ok, thanks to everyone who have replied to this one. There have been two concerns related to the answers, one is the compatibility across different linux-versions and the second one is speed.
Here is the results on the speed test I did. First the grep-version:
time tcpdump -l -r test.dmp -n ip 2>/dev/null | grep -P -o '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*? > ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)' | grep -P -o '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | xargs -n 2 echo >/dev/null
real 0m5.625s
user 0m0.513s
sys 0m4.305s
Then the sed-version:
time tcpdump -n -r test.dmp ip | sed -une 's/^.* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..*$/\1 > \3/p' >/dev/null
reading from file test.dmp, link-type EN10MB (Ethernet)
real 0m0.491s
user 0m0.496s
sys 0m0.020s
And the fastest one, the awk-version:
time tcpdump -l -r test.dmp -n ip | awk '{ print gensub(/(.*)\..*/,"\\1","g",$3), $4, gensub(/(.*)\..*/,"\\1","g",$5) }' >/dev/null
reading from file test.dmp, link-type EN10MB (Ethernet)
real 0m0.093s
user 0m0.111s
sys 0m0.013s
Unfortunately I have not been able to test how compatible they are, but the awk needs gnu awk to work due to the gensub function. Anyway, all three solutions works on the two platforms I have tested them on. :)
Here's one way using GNU awk:
tcpdump -i eth1 -n -c 5 ip | awk '{ print gensub(/(.*)\..*/,"\\1","g",$3), $4, gensub(/(.*)\..*/,"\\1","g",$5) }'
Try this:
tcpdump -i eth1 -n -c 5 ip 2>/dev/null | sed -r 's/.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).* > ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1 > \2/'
If running from a .sh script, remember to escape \1 & \2 as required.
Warning You have to use unbuffered ou line-buffered output to monitor the output of another command like tcpdump.
But you command seem correct.
To simplify, you could:
tcpdump -i eth1 -n -c 5 ip |
sed -une 's/^.* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..*$/\1 > \3/p'
Notice the u switch usefull without -c 5 at tcpdump
tcpdump -ni eth1 ip |
sed -une 's/^.* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..* \(\([0-9]\{1,3\}\.\?\)\{4\}\)\..*$/\1 > \3/p'
& here is a grep only solution:
tcpdump -l -i eth1 -n -c 5 ip 2>/dev/null | grep -P -o '([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*? > ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)' | grep -P -o '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | xargs -n 2 echo
Note -l, in case you don't want to limit the number of packets using -c.
I am not sure how to user wget can some one help me with the shell script to post local and external ip of the laptop to an external website? ( both GET and POST methods )
curl http://www.whatismyip.com/automation/n09230945.asp
ifconfig | grep "inet addr" | fgrep -v 127.0.0.1 | tr ':' " " | awk '{print $3;}'