
I am trying to print a regex pattern for the following piece of mail log. In particular I am trying to get the ID between the square brackets (see the second line for reference).

Mar 29 03:48:13 mx-150 clamsmtpd: 14114F: accepted connection from: 127.0.0.1
Mar 29 03:48:13 mx-150 postfix/smtpd[7445]: connect from unknown[127.0.0.1]
Mar 29 03:48:13 mx-150 spamd[15674]: prefork: child states: II

and using the following command:

awk '/\[\d+\]/ { print }' maillog

According to https://regex101.com/r/pL7kN2/1 I am getting 1 match, however, awk is not returning anything. Why is that?


4 Answers

Accepted answer (4 votes)

Try standard regexps (instead of perl regexps). This will print matching lines:

awk '/\[[[:digit:]]+\]/ { print }' maillog

To extract and print the matching value inside the brackets:

awk 'match($0,/\[[[:digit:]]+\]/) { print substr($0,RSTART+1,RLENGTH-2)}' maillog
    
Hi Janis, seems I am getting hits using what you have pasted. Is there any place I can verify my regex online without being afraid that it is not going to be compatible with awk? –  Peter Mar 29 at 20:10
    
I know there are regexp test pages on the Web, so a search will very likely make you find something. Search for BRE (basic regular expressions) or ERE (extended regular expressions). Those regexps are standard on Unix. (Syntax differences in different applications will only be whether and how regexp meta-characters are escaped or not.) I think the syntax of the regexps that are supported by [GNU] awk is also described in the GNU awk manual. –  Janis Mar 29 at 20:17
    
FWIW in mawk it appears not to work with POSIX class [[:digit:]] but does work with range [0-9] (at least on my Ubuntu box: mawk 1.3.3). See also bugs.launchpad.net/ubuntu/+source/mawk/+bug/69724 –  steeldriver Mar 29 at 21:22
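
Added example (not part of the original answers or comments): a portable form of the match() extraction above, written with [0-9] so it also runs under the mawk mentioned in the comments. It goes one step further than the thread by anchoring on the syslog tag, so a bracketed IP address is never reported as a PID. The function names, the assumption that the tag is the fifth whitespace-separated field, and the fourth sample line are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: the three log lines from the question plus one
# constructed line whose only bracketed text is an IP address, not a PID.
sample_log() {
cat <<'EOF'
Mar 29 03:48:13 mx-150 clamsmtpd: 14114F: accepted connection from: 127.0.0.1
Mar 29 03:48:13 mx-150 postfix/smtpd[7445]: connect from unknown[127.0.0.1]
Mar 29 03:48:13 mx-150 spamd[15674]: prefork: child states: II
Mar 29 03:48:14 mx-150 clamsmtpd: 14114F: client unknown[127.0.0.1] closed
EOF
}

# Field-splitting on brackets: prints whatever sits in the first [...] on
# the line, so the constructed fourth line yields an IP address.
bracket_field() {
    awk -F'[][]' 'NF > 1 { print $2 }'
}

# Tag-anchored extraction: only the syslog tag (assumed to be field 5,
# e.g. "postfix/smtpd[7445]:") is inspected, and it must end in "[digits]:".
# [0-9] is used instead of \d (Perl syntax) or [[:digit:]] (fails on old mawk).
tag_pid() {
    awk '
        match($5, /\[[0-9]+\]:$/) {
            prog = substr($5, 1, RSTART - 1)           # text before "["
            pid  = substr($5, RSTART + 1, RLENGTH - 3) # strip "[" and "]:"
            print prog, pid
        }'
}

# Stand-alone run: show both results on the constructed sample.
echo "bracket_field:"; sample_log | bracket_field
echo "tag_pid:";       sample_log | tag_pid
```
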

Another approach:

awk -F'[][]' 'NR>1{print $2}' maillog
7445
15674

If you like awk, the next script prints every second field of the string when it is divided by [ and ] (that means the text inside them):

awk -F [][] '{for(i=2;i<=NF;i+=2)print $i}' maillog

But doing the same with grep is much simpler:

grep -o '\[[^]]*\]' maillog
    
Your first command will not work with csh, tcsh, zsh, bash -O failglob or if there's a file called [ or ] in the current directory. –  Stéphane Chazelas Mar 29 at 21:14
    
Cheers for your help, I am trying to learn awk even though I am tempted to use grep and other useful commands :) –  Peter Mar 30 at 8:12

Depending on what you wish to match

awk -F"[][]" '/postfix|spamd/{print $2}' maillog
