Using awk to return only certain chunks of data

Posted by Koriar on Stack Overflow
Published on 2012-09-28T20:50:59Z Indexed on 2012/09/28 21:37 UTC

I'm not 100% certain how to phrase my question simply, so I apologize if this has been answered somewhere and I was just unable to find it.

What I have are debug logs with authentication packets in them along with a bunch of other output. I need to search through about 2 million lines of logs to find every packet that contains a certain MAC address.

The packets look something like this (slightly censored):

-----------------[ header ]-----------------
Event:     Authd-Response (1900)
Sequence:  -54
Timestamp: 1969-12-31 19:30:00 (0)
---------------[ attributes ]---------------
Auth-Result = Auth-Accept
Service-Profile-SID = 53
Service-Profile-SID = 49
RADIUS-Access-Accept-Attr/WiMAX-Capability = 0x(numbers)
Session-Timeout = 3600
Service-Profile-SID = 4
Service-Profile-SID = 29
Chargeable-User-Identity = "(Numbers)"
User-Password = "(the MAC address I'm looking for)"
--------------------------------------------

However, there are about 10 different possible types with different possible lengths. They all start with the header line and end with the all-dashes line.

I've had success using awk to get the code blocks themselves using this:

awk '/-----------------\[ header \]-----------------/,/--------------------------------------------/' filename.txt

But I was hoping to be able to use it to return only the packets which contain the MAC address that I need.

I've been trying to figure this out for a few days now and I'm pretty stuck. I could try and write a bash script, but I could swear that I've used awk to do something like this before...
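
One way to do what the question asks, as an added example that is not part of the original post: buffer each block from the header line to the all-dashes line and print the buffer only if a line inside it contains the search string. The function names, the MAC addresses and the sample log below are constructed for illustration.

```shell
# filter_packets <needle> <logfile>
# Prints every header-to-dashes block in <logfile> that contains <needle>.
filter_packets() {
    awk -v needle="$1" '
        # Opening line of a packet: start a fresh buffer. A block that was
        # still open (truncated, no closing line) is dropped at this point.
        /^-+\[ header \]-+$/ { inblk = 1; buf = ""; hit = 0 }
        inblk {
            buf = buf $0 "\n"
            # index() is a literal substring test, so the needle is never
            # interpreted as a regex; tolower() ignores hex-digit case.
            if (index(tolower($0), tolower(needle))) hit = 1
            # Closing line: dashes only (header/attributes lines have brackets).
            if ($0 ~ /^----------+$/) {
                if (hit) printf "%s", buf
                inblk = 0
            }
        }
    ' "$2"
}

# Constructed sample log: two packets with unrelated debug output around them.
make_sample_log() {
    cat <<'EOF'
debug: unrelated output
-----------------[ header ]-----------------
Event:     Authd-Response (1900)
Sequence:  -54
---------------[ attributes ]---------------
Auth-Result = Auth-Accept
User-Password = "00:11:22:AA:BB:CC"
--------------------------------------------
debug: more unrelated output
-----------------[ header ]-----------------
Event:     Authd-Response (1900)
Sequence:  -55
---------------[ attributes ]---------------
User-Password = "00:11:22:DD:EE:FF"
--------------------------------------------
EOF
}

# Usage: make_sample_log > sample.log; filter_packets '00:11:22:aa:bb:cc' sample.log
```

Because the whole block is held in memory only until its closing line, this streams through a multi-million-line log in a single pass.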

© Stack Overflow or respective owner