• 15

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

How to extract IP addresses from log?

I'd like to gather information from UFW service, for further analysis.

A typical UFW log entry looks like the following:

[UFW BLOCK] IN=eth0 OUT= MAC=99:99:99:99:99:99:99:XX:XX:XX:XX:99:99:99 SRC=99.999.999.999 DST=999.99.99.9 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56338 DPT=5800 WINDOW=65535 RES=0x00 SYN URGP=0

How can I extract SRC and DST ip addresses from the log?

Thank you!

The following should be sufficient. Note that I have used Extended Regular Expressions, which makes things a little more readable. To really understand this, you need to learn about regular expressions, and also sed.

sed -rn -e 's,.* SRC=([0-9.]+) DST=([0-9.]+) .*,\1 \2,p'

You can also do this with grep. Again, I'll use Extended Regular Expressions, which are meant to be the 'preferred' type over the older 'basic' regular expressions. Here I'm using -o to have grep only print out the part that matches.

grep -Eo 'SRC=[0-9.]+ DST=[0-9.]+'

You could improve on that to require a word-boundary before the SRC; I think you can put a \b before the SRC to accomplish that, but it generally won't be necessary.

Cheers, Cameron

  • 2
Reply Report
    • Thank you, Cameron, for your answer. Unfortunately, using sed resulted no output at all, while using the grep resulted partial reply: SRC= DST=178 So, I added that missing dot there... grep -Eo 'SRC=[0-9.]+ DST=[0-9.]+' and now the output is correct.

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags