grep mac地址-连续2行
[英]grep mac address - 2 consecutive lines
问题描述
My file consists of scan results. 
我的文件包含扫描结果。 Each result can have 4-20 lines 每个结果可以有4-20行
I want to filter only MAC addresses for Successful (Passed scans) 我只想为成功(通过扫描)过滤MAC地址
My file: 我的档案:
FAIL user1 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Operating-System :: OS X 10.10 Yosemite
PASSED Operating-System :: OS X 10.10 Yosemite Update
FAILED Anti-Virus :: Sophos
E0:AC:CB:82:C3:F2 - en0
FAIL user2 OS-Anti-Virus-Check Windows Vista (TM) Home Premium 6.0 Service Pack 2
PASSED Operating-System :: Windows Vista
PASSED Operating-System :: Vista Service Pack
PASSED Operating-System :: Windows Vista Edition
PASSED Operating-System :: Vista Critical and Security Updates
PASSED Operating-System :: Windows Vista AutoUpdates Label
FAILED Anti-Spyware :: Microsoft Windows Defender
FAILED Anti-Virus :: Microsoft Windows Defender
00:23:4D:E2:8E:03 - Atheros AR928x Wireless Network Adapter
00:1D:BA:AF:D4:35 - Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
PASS user3 OS-Anti-Virus-Check Windows 8 China 6.2
PASSED Anti-Spyware :: Avast! Premier
PASSED Anti-Virus :: Avast! Premier
PASSED Anti-Virus :: Avast! Premier Definitions
PASSED Operating-System :: Windows 8 x64
PASSED Operating-System :: Windows 8 x64 Service Pack
PASSED Operating-System :: Windows 8 x64 Edition
PASSED Operating-System :: Windows 8 x64 Critical and Security Updates
PASSED Operating-System :: Windows 8 x64 AutoUpdates Label
28:D2:44:D2:7A:2E - Intel(R) Ethernet Connection I218-V
7C:7A:91:73:88:09 - Intel(R) Wireless-N 7260
7C:7A:91:73:88:0A - Microsoft Wi-Fi Direct ����������
7C:7A:91:73:88:0D - Bluetooth �?(����������
PASS user4 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Anti-Virus :: Sophos
PASSED Anti-Virus :: Sophos Definitions
PASSED Operating-System :: OS X 10.10 Yosemite
PASSED Operating-System :: OS X 10.10 Yosemite Update
E0:AC:CB:82:C3:F2 - en0
I would like to extract list of mac addressees that Passed scans. 我想提取通过扫描的mac地址列表。
So in example 所以在例子中
if line contains "PASSED" and next line or 2 contain mac address ... print mac addresses. 如果行包含“通过”,下一行或2包含mac地址...打印mac地址。
I would be grateful if someone could point me in the right direction... 如果有人能指出正确的方向,我将不胜感激。
2 个解决方案
解决方案1
1 已采纳 2016-01-21 11:30:21
You could use grep twice: 您可以使用grep两次:
- first time to identify "PASSED" lines, followed by a MAC addresses 第一次识别“通过”行,然后是MAC地址
- second time to extract the MAC address from the result 第二次从结果中提取MAC地址
Exemple: 例:
grep -Pzo 'PASSED.*?\s+([0-9A-F]{2}(\:[0-9A-F]{2}){5})' d.txt | grep -Po '[0-9A-F]{2}(\:[0-9A-F]{2}){5}'
You can check the two next lines with the following command (I still can't find a way to make it to work for both cases): 您可以使用以下命令检查下两行(我仍然找不到使它在两种情况下都可以使用的方法):
grep -Pzo 'PASSED.*?(\s+([0-9A-F]{2}(\:[0-9A-F]{2}){5}).*?){2}' 3.txt | grep -Po '[0-9A-F]{2}(\:[0-9A-F]{2}){5}'
解决方案2
0 2016-01-21 11:36:28
This is trivial with Awk. 对于Awk而言,这是微不足道的。
awk '$1 ~ /^[0-9a-f][0-9a-f]:/ && p { print; next; }
/PASSED/ { p=1; next }
{ p=0 }'
The first line prints if the first field looks like a MAC address and p is non-zero (indicating that we saw PASSED on a previous line). 如果第一个字段看起来像MAC地址并且p不为零(表明我们在前一行看到PASSED ,则打印第一行。 The next two lines examine the input for PASSED ; 接下来的两行检查PASSED的输入; when it's seen, we set p to one, otherwise, to zero. 看到时,我们将p设置为1,否则设置为零。 The script then continues from the top with the next input line. 然后,脚本从顶部继续进行下一行输入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.