I will occasionally search aggregate logs files on my syslog server for a specific MAC address. Since each source uses a different format for MAC addresses, I usually use this command:
less syslog.log | grep -i -E '56[:-\.]?ea[:-\.]?b6[:-\.]?a6[:-\.]?82[:-\.]?5e'
Which will find the address regardless of the format or case ( 56eab6a6825e
, 56ea.b6a6.825e
, 56:ea:b6:a6:82:5e
, 56-EA-B6-A6-82-5E
).
I have this command saved in text file so I can just replace each hex pair with the relevant digits and paste it in, but is there an elegant way format my regex where I can have the whole address together? For example:
less syslog.log | grep -i -E '56eab6a6825e[:-\.]?(anywhereinthestring)'
I basically want to be more lazy when searching, but I don't understand lookarounds enough to know if they are applicable in this case. Is this even possible?
Here's a function that takes a MAC address and constructs a regex from it. You can run it just like grep
, with either a list of files or nothing to read from stdin.
grep-mac() {
local mac="$1"
local files=("${@:2}")
# Strip punctuation from the input MAC.
mac="${mac//[^[:alnum:]]}"
# Create a regex by inserting `[:-\.]?` in between every two characters.
local regex="${mac:0:2}$(sed -E 's/../[:-\\.]?\0/g' <<< "${mac:2}")"
# Call `grep` with the regex and files we were passed.
grep -iE "$regex" "${files[@]}"
}
The MAC address can be uppercase or lowercase, with or without punctuation. Example usage:
❯ grep-mac 56:ea:b6:a6:82:5e syslog.log | less
❯ grep-mac 56EAB6A6825E syslog.log | less
You can put it in your ~/.bashrc
if you want easy access.
Simply store the mac-address to search in a variable and use Bash's replace expanded value to generate the Regex for grep
:
mac='56:ea:b6:a6:82:5e'; grep -iE "${mac//:/[:.-]?}"
You can try this grep
$ grep -Ei '56[[:alnum:]:.-]+5e' <(less syslog.log)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.