Re: [Nolug] help with grep

From: Brett D. Estrade <estrabd_at_yahoo.com>
Date: Mon, 15 Sep 2003 10:13:11 -0800
Message-Id: <20030915181311.662B13B639@www.fastmail.fm>

I am not sure I understand, but here is a try:

grep -i "brod" 091503 | head -n 1 > 091503grep.1line

Brett

On Mon, 15 Sep 2003 13:04:11 -0500, "Robert Cochran"
<rcochran@archdiocese-no.org> said:
> Good afternoon All,
>
> We have some log files that we need to delete the multiple instances of a
> violation. We run
> grep -i "brod" 091503 > 091503grep (091503 is a tcpdump file)
> this gets rid of all the connections we are not looking for. But now we
> want
> to narrow it down to just one instance. Thanks in advance. Below is a
> snippet of the log:
>
> 11:06:17.140625 10.6.51.3.1084 > 10.1.1.3.53: 6652 A? www.brodcast.net.
> (34)
> (ttl 125, id 16352)
> 11:06:17.312500 10.6.51.3.1084 > 10.1.1.3.53: 10888 A? www.brodcast.net.
> (34) (ttl 125, id 16514)
> 11:06:17.375000 10.1.94.128.2475 > 10.1.1.3.53: 25125+ A?
> www.brodcast.net.
> (34) (ttl 126, id 53608)
> 11:06:17.375000 10.1.194.56.4405 > 10.1.1.3.53: 19275+ A?
> www.brodcast.net.
> (34) (ttl 126, id 43340)
> 11:06:17.390625 10.1.91.254.1159 > 10.1.1.3.53: 7481+ A?
> www.brodcast.net.
> (34) (ttl 126, id 22569)
> 11:06:17.406250 10.5.108.64.1846 > 10.1.1.3.53: 38213+ A?
> www.brodcast.net.
> (34) (ttl 125, id 16326)
> 11:06:17.796875 205.152.138.34.53 > 207.77.64.2.53: 10433 A?
> www.brodcast.net. (34) (ttl 128, id 11429)
> 11:06:17.796875 10.1.201.122.3227 > 10.1.1.3.53: 30035+ A?
> www.brodcast.net.
> (34) (ttl 126, id 37750)
> 11:06:17.859375 207.77.64.2.53 > 205.152.138.34.53: 10433* q:
> www.brodcast.net. 1/2/2 www.brodcast.net. A 127.0.0.1 (132) (DF) (ttl
> 242,
> id 40318)
> 11:06:17.859375 10.1.1.3.53 > 10.1.201.122.3227: 30035* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11582)
> 11:06:17.859375 10.1.1.3.53 > 10.1.190.100.1034: 5870* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11583)
> 11:06:17.859375 10.1.1.3.53 > 10.5.108.64.1846: 38213* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11584)
> 11:06:17.859375 10.1.1.3.53 > 10.1.91.254.1159: 7481* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11585)
> 11:06:17.859375 10.1.1.3.53 > 10.1.94.128.2475: 25125* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11586)
> 11:06:17.859375 10.1.1.3.53 > 10.1.194.56.4405: 19275* q:
> www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11587)
> 11:06:17.859375 10.1.1.3.53 > 10.6.51.3.1084: 10888* q: www.brodcast.net.
> 0/0/0 (34) (ttl 128, id 11588)
>
> You can see what we want to do tihe the first 2 lines
> Regards,
> Robert Cochran
>
> ___________________
> Nolug mailing list
> nolug@nolug.org
=====
http://www.brettsbsd.net/~estrabd

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/15/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST