My file consists of scan results. Each result can have 4-20 lines.
I want to filter only MAC addresses for successful (passed) scans.
My file:
FAIL user1 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Operating-System :: OS X 10.10 Yosemite
PASSED Operating-System :: OS X 10.10 Yosemite Update
FAILED Anti-Virus :: Sophos
E0:AC:CB:82:C3:F2 - en0
FAIL user2 OS-Anti-Virus-Check Windows Vista (TM) Home Premium 6.0 Service Pack 2
PASSED Operating-System :: Windows Vista
PASSED Operating-System :: Vista Service Pack
PASSED Operating-System :: Windows Vista Edition
PASSED Operating-System :: Vista Critical and Security Updates
PASSED Operating-System :: Windows Vista AutoUpdates Label
FAILED Anti-Spyware :: Microsoft Windows Defender
FAILED Anti-Virus :: Microsoft Windows Defender
00:23:4D:E2:8E:03 - Atheros AR928x Wireless Network Adapter
00:1D:BA:AF:D4:35 - Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
PASS user3 OS-Anti-Virus-Check Windows 8 China 6.2
PASSED Anti-Spyware :: Avast! Premier
PASSED Anti-Virus :: Avast! Premier
PASSED Anti-Virus :: Avast! Premier Definitions
PASSED Operating-System :: Windows 8 x64
PASSED Operating-System :: Windows 8 x64 Service Pack
PASSED Operating-System :: Windows 8 x64 Edition
PASSED Operating-System :: Windows 8 x64 Critical and Security Updates
PASSED Operating-System :: Windows 8 x64 AutoUpdates Label
28:D2:44:D2:7A:2E - Intel(R) Ethernet Connection I218-V
7C:7A:91:73:88:09 - Intel(R) Wireless-N 7260
7C:7A:91:73:88:0A - Microsoft Wi-Fi Direct ����������
7C:7A:91:73:88:0D - Bluetooth �?(����������
PASS user4 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Anti-Virus :: Sophos
PASSED Anti-Virus :: Sophos Definitions
PASSED Operating-System :: OS X 10.10 Yosemite
PASSED Operating-System :: OS X 10.10 Yosemite Update
E0:AC:CB:82:C3:F2 - en0
I would like to extract a list of MAC addresses that passed scans.
So, for example:
if a line contains “PASSED” and the next line or 2 contain a MAC address … print the MAC addresses.
I would be grateful if someone could point me in the right direction…
Answer
You could use grep twice:
- first time to identify “PASSED” lines, followed by a MAC address
- second time to extract the MAC address from the result
Example:
grep -Pzo 'PASSED.*?\s+([0-9A-F]{2}(:[0-9A-F]{2}){5})' d.txt | grep -Po '[0-9A-F]{2}(:[0-9A-F]{2}){5}'
You can check the next two lines with the following command (I still can’t find a way to make it work for both cases):
grep -Pzo 'PASSED.*?(\s+([0-9A-F]{2}(:[0-9A-F]{2}){5}).*?){2}' 3.txt | grep -Po '[0-9A-F]{2}(:[0-9A-F]{2}){5}'
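
A record-based alternative to the two-step grep above, as an added example that is not part of the original answer: it tracks each record's overall PASS/FAIL verdict and prints every MAC address listed under a PASS record, however many there are. It assumes each record header is a single line beginning with PASS or FAIL; `passed_macs` and `sample_scan` are hypothetical names, and the sample is abridged from the question's data.

```shell
#!/bin/sh
# Print the MAC addresses that belong to records whose overall verdict is PASS.
# Reads the named files, or standard input when no file is given.
passed_macs() {
    awk '
        # Record header: the first field is the overall verdict.
        # Check lines start with PASSED or FAILED, so they do not match here.
        $1 == "PASS" || $1 == "FAIL" { ok = ($1 == "PASS"); next }

        # MAC line: six colon-separated hex octets (17 characters) in field 1.
        # The length test replaces a {5} interval, which some awks lack.
        ok && length($1) == 17 &&
            toupper($1) ~ /^[0-9A-F][0-9A-F](:[0-9A-F][0-9A-F])+$/ {
            print toupper($1)
        }
    ' "$@"
}

# Constructed sample, abridged from the scan results in the question.
sample_scan() {
    cat <<'EOF'
FAIL user1 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Operating-System :: OS X 10.10 Yosemite
FAILED Anti-Virus :: Sophos
E0:AC:CB:82:C3:F2 - en0
PASS user3 OS-Anti-Virus-Check Windows 8 China 6.2
PASSED Anti-Virus :: Avast! Premier
PASSED Operating-System :: Windows 8 x64
28:D2:44:D2:7A:2E - Intel(R) Ethernet Connection I218-V
7C:7A:91:73:88:09 - Intel(R) Wireless-N 7260
PASS user4 OS-Anti-Virus-Check Mac OS X 10.10.5
PASSED Anti-Virus :: Sophos
E0:AC:CB:82:C3:F2 - en0
EOF
}

sample_scan | passed_macs
```

In the sample, E0:AC:CB:82:C3:F2 appears under both a FAIL record and a PASS record, so the output answers "which MACs appear in a PASS record", not "which MACs never failed".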