| Follow me on:

Create PDF    Send article as PDF to   

Playing with text files in Linux

February 26th, 2010

I had a big Microsoft Event Viewer log file and I wanted specific information from the log file. At first I was thinking about using Microsoft Excel to do some filtering, but that didn’t really help. At the end Linux did the trick. I used Cygwin under Windows to extract the specific information. The raw log file had the following format:

2/22/2010:1:14:46 PM:IAS:Information:None:1:N/A:BOOCHES01:User rene was granted access.
2/22/2010:1:09:15 PM:IAS:Information:None:1:N/A:BOOCHES01:User rene was granted access.
2/22/2010:12:19:58 PM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:12:03:24 PM:IAS:Information:None:1:N/A:BOOCHES01:User booches was granted access.
2/22/2010:11:58:54 AM:IAS:Information:None:1:N/A:BOOCHES01:User testuser was granted access.
2/22/2010:11:58:13 AM:IAS:Information:None:1:N/A:BOOCHES01:User booches was granted access.
2/22/2010:11:58:07 AM:IAS:Information:None:1:N/A:BOOCHES01:User BOOCHES\test was granted access.
2/22/2010:11:17:13 AM:IAS:Information:None:1:N/A:BOOCHES01:User testuser1 was granted access.

I needed to extract only the unique users. Playing a little with Linux gave me the following output.

User test was granted access.
User booches was granted access.
User rene was granted access.
User testuser was granted access.
User testuser1 was granted access.

It isn’t perfect, but it is good enough for me. The original log file is called log.txt and the output is written to a file called users.txt. I used the following command to accomplish the output above.

cat log.txt | cut –d: –f11 | sed ‘s/BOOCHES\\//g’ | sort | uniq >> users.txt

Cat prints the file log.txt to the screen. The –d parameter with cut determines the delimiter and –f selects the column to print. With sed I search for the string “BOOCHES\” and replace the sting with nothing (//). Everything is sorted with sort and all duplicate entries are removed with uniq. The output is written to the file users.txt.

Simple and effective!!!

René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, HP Networking, Juniper Networks, RSA, PaloAlto Networks, Microsoft and many more. René is CCNA (Routing & Switching, Security), CCNP , Cisco ASA Specialist and CEFFS certified. You can follow René on Twitter and LinkedIn.
René Jorissen
View all posts by René Jorissen
Company website

Related Articles

One Response to “Playing with text files in Linux”

  1. solcon Says:

    February 26th, 2010 at 5:46 pm

    please test Logparser 2.2 from http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en


Leave a Reply