You could try the 'sed' command: cat kernel.01 | sed -e "s/.*DPT=/DPT=/" -e "s/ .*//"
That would replace everything up to the first "DPT=" with nothing and everything from the first space character to the end of the line with nothing. HTH, Brad. --- "m.w.chang" <[EMAIL PROTECTED]> wrote: > cat kernel.01 | cut -f 19-20 -d\r > > SPT=2701 DPT=27374 > SPT=2701 DPT=27374 > SPT=2701 DPT=27374 > SPT=2701 DPT=27374 > SPT=4169 DPT=1433 > SPT=4169 DPT=1433 > DPT=139 WINDOW=5360 > DPT=139 WINDOW=5360 > DPT=139 WINDOW=5360 > > this doesn't quite work because the number of fields > varied on each > iptables log entry. field 19 may not always be the > DPT=xxx column. > > How to create a column containing only the > "DPT=9999" column? > Once that's done, I could apply `uniq -c` on it. > > > > -- > Swiftly. Silently. Invisibly. .~. In Linux we > trust. > / v \r > news://news.hkpcug.org /( _ ) > http://www.linux-sxs.org __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
