Using awk to return only certain chunks of data
- by Koriar
I'm not 100% certain how to phrase my question simply, so I apologize if this has been answered somewhere and I was just unable to find it.
What I have are debug logs with authentication packets in them along with a bunch of other output. I need to search through about 2 million lines of logs to find every packet that contains a certain mac address.
The packets look something like this (slightly censored):
-----------------[ header ]-----------------
Event: Authd-Response (1900)
Sequence: -54
Timestamp: 1969-12-31 19:30:00 (0)
---------------[ attributes ]---------------
Auth-Result = Auth-Accept
Service-Profile-SID = 53
Service-Profile-SID = 49
RADIUS-Access-Accept-Attr/WiMAX-Capability = 0x(numbers)
Session-Timeout = 3600
Service-Profile-SID = 4
Service-Profile-SID = 29
Chargeable-User-Identity = "(Numbers)"
User-Password = "(the MAC address I'm looking for)"
--------------------------------------------
However there are about 10 different possible types with different possible lengths. They all start with the header line and end with the all-dashes line.
I've had success using awk to get the code blocks themselves using this:
awk '/-----------------\[ header \]-----------------/,/--------------------------------------------/' filename.txt
But I was hoping to be able to use it to return only the packets which contain the MAC address that I need.
I've been trying to figure this out for a few days now and I'm pretty stuck. I could try and write a bash script, but I could swear that I've used awk to do something like this before...