Wednesday, 15 September 2010

bash - don't include the last line in matching between patterns in awk and sed, but include the first




Apologies - I've edited the title - the title was the opposite of what I wanted.

I want to include the first line of the pattern, and every line until the occurrence of the end pattern. As the end pattern is a subset of the start pattern, sed is behaving differently from awk.

The purpose of this is to build a bash function that enumerates Cisco ASA object-groups of type network.

Further to this, if any of the lines in the output contain "group-object", that group object needs to be enumerated too. I'm sure that with loops, ifs, awks, or seds this can be done.

e.g.

object-group network object-group-daddy
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network any-other-object-group
network-object 10.1.1.0 255.255.255.0
object-group network nested-object-group
network-object 10.11.1.0 255.255.255.0
network-object 10.22.1.0 255.255.255.0

would return:

object-group network object-group-daddy
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group --+ expanded below
----network-object 10.11.1.0 255.255.255.0
----network-object 10.22.1.0 255.255.255.0

At the moment I can't get the first part working (without enumerating nested groups) - and nested groups can have nested groups! Argh

sed -n '/object-group network object-group-daddy/,/object-group network/p' asa_config.cfg

This gives me what I need, but it includes the first line of the end pattern, which is the start of an object group I don't care about.

The awk version doesn't seem to be returning anything, I'm guessing because the end pattern is a sub-string of the start pattern:

awk '/object-group network object-group-daddy/,/object-group network/p' asa_config.cfg

There are guides on using next and flags, but I cannot make head or tail of a bunch of different sites.

OK, here is some added information:

In reply to the questions: no, I do not know the awk language, nor sed. I'm a network engineer - and I guess most of you do not dabble in this discipline, so why I want to accomplish this is a mystery to you. I am terrible at programming, and my Linux is weak.

The access control lists in a Cisco ASA configuration are built as access lists like this:

access-list access-list extended permit ip object-group source-object-group object-group destination-object-group

Anything in capitals has been entered by a human at some point in time, the lower case words being reserved by Cisco for parsing etc. "Object groups" are like arrays in a programming language. These access lists may contain more than one line, or have networks explicitly defined, rather than use object groups.

I want to enumerate all of the object group entries, for both the source and the destination object group in the specified access-list. The format of these object-groups is below:

object-group network destination-object-group
network-object 10.33.1.0 255.255.255.0
network-object 10.44.1.0 255.255.255.0
object-group network any-other-object-group
network-object 10.1.1.0 255.255.255.0
object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network nested-object-group
network-object 10.11.1.0 255.255.255.0
network-object 10.22.1.0 255.255.255.0

In the above example, using the access control list presented earlier, the source object group output would be:

object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0

However, notice that the object group named source-object-group contains a group-object, a reserved word that means a nested object group, which needs to be read in from somewhere else in the config.

So the output I need is:

object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group ---enumerated----network-object 10.3.1.0 255.255.255.0
network-object 10.3.1.0 255.255.255.0

We do not want to output other object-groups that are not part of the access list, or not nested in the top level access list. The concept is similar to nested groups in Active Directory.

I'll attempt to give pseudo code:

awk print the object-group names/variables from the access-list, using awk print $6 and awk print $9

access-list access-list extended permit ip object-group source-object-group object-group destination-object-group

Store each of these as a variable to enumerate: $source-object-group-name, $destination-object-group-name

function enumerate-object-group, input $source-object-group-name

So if $source-object-group-name = "source-object-group", use some kind of explicit pattern matching that won't match "source-object-group1" (some kind of grep -w style thing), and print each line below. This is because there are many object groups, some with longer names than others, e.g. run is a substring of running.

(1) Print the "title line": object-group network source-object-group

(2) Check if the line starts with "group-object" (notice the reversed reserved name, so Cisco can differentiate) ---> yes? Send the value of the "object-group" to a function, this one. The value can be grabbed with awk print $2

---> no? Print the line, because it is a "normal" one that doesn't start with "group-object"

network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0

---> yes? Send the value of the "object-group" to a function, this one. The value can be grabbed with awk print $2 (goto 1?)

(3) Go on down the configuration until you hit text that starts with "object-group network" but doesn't contain the explicit name of the original group object, meaning a new object-group that we don't care about: it is not one pulled from the access list, nor one that is nested and being expanded.

Pump $destination-object-group-name into the function and repeat for all lines in the access-list.

I understand this is complicated, and there are 2 levels (or more) of nested groups going on here. Let me know if you need more info.

I couldn't get the comments to display properly, so I am trying double-space line breaks.

I tried the suggestion, replacing the p at the end of the sed with {$d;p}; however, I got the same output:

[nickc@localhost ~]$ sed -n '/object-group network source-object-group/,/object-group network/{$d;p}' asa_config.cfg
object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network nested-object-group
[nickc@localhost ~]$ sed -n '/object-group network source-object-group/,/object-group network/p' asa_config.cfg
object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network nested-object-group

We need to make sure the last line is omitted. I'm testing with the below text:

[nickc@localhost ~]$ cat asa_config.cfg
object-group network destination-object-group
network-object 10.33.1.0 255.255.255.0
network-object 10.44.1.0 255.255.255.0
object-group network any-other-object-group
network-object 10.1.1.0 255.255.255.0
object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
network-object 10.2.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network nested-object-group
network-object 10.11.1.0 255.255.255.0
network-object 10.22.1.0 255.255.255.0

sed -n '/object-group network object-group-daddy/,/object-group network/{$d;p}' asa_config.cfg

The $d will delete the last line of the pattern.

Update: the solution above should work as far as I know, yet it doesn't for some reason (perhaps a sed bug) - the following workaround:

sed -n '/object-group network object-group-daddy/,/object-group network/p' asa_config.cfg | sed '$d'

bash awk sed asa
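
An added example (not from the original post or its answer): a single-pass awk alternative to the sed range that never prints the next group's header line and expands nested group-object entries in place, following the question's pseudo code. The sample config, the ACL name ACL-1 and the function names are constructed for illustration, and only network-object and group-object member lines are assumed.

```shell
# Constructed sample config; all names and addresses are made up.
sample_config() {
cat <<'EOF'
access-list ACL-1 extended permit ip object-group source-object-group object-group destination-object-group
object-group network destination-object-group
network-object 10.33.1.0 255.255.255.0
object-group network source-object-group1
network-object 10.99.1.0 255.255.255.0
object-group network source-object-group
network-object 10.1.1.0 255.255.255.0
group-object nested-object-group
network-object 10.3.1.0 255.255.255.0
object-group network nested-object-group
network-object 10.11.1.0 255.255.255.0
network-object 10.22.1.0 255.255.255.0
EOF
}

# expand_group NAME < config: print the named group, expanding nested
# group-objects in place. Returns 1 if the group is not defined.
expand_group() {
  awk -v want="$1" '
    # $3 is compared whole: "source-object-group" != "source-object-group1".
    $1 == "object-group" { cur = ($2 == "network") ? $3 : ""
                           if (cur != "") n[cur] += 0; next }
    # Assumption: only these two member keywords; anything else ends the block.
    $1 != "network-object" && $1 != "group-object" { cur = ""; next }
    cur != "" { body[cur, ++n[cur]] = $0 }
    function expand(name, pad,    i, f) {
      if (name in active) { print pad "(cycle: " name ")"; return }
      active[name] = 1
      for (i = 1; i <= n[name]; i++) {
        print pad body[name, i]
        split(body[name, i], f, " ")
        if (f[1] == "group-object") expand(f[2], pad "----")
      }
      delete active[name]
    }
    END { if (!(want in n)) exit 1
          print "object-group network " want; expand(want, "") }'
}

# acl_groups ACL < config: names that follow an "object-group" keyword.
acl_groups() {
  awk -v acl="$1" '$1 == "access-list" && $2 == acl {
    for (i = 3; i < NF; i++) if ($i == "object-group") print $(i + 1) }'
}

for g in $(sample_config | acl_groups ACL-1); do sample_config | expand_group "$g"; done
```

Against a real file the same functions read from a redirect, for example `expand_group source-object-group < asa_config.cfg`.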
