Reputation: 83
I am trying to write a script which extracts data from the file "nohup.out" using tail -f and executes the dig command on a condition.
#!/bin/bash
nohup proxychains firefox
tail -f nohup.out | xargs if [[ {} == *"denied"* ]]
then
dig -x `cut -d '-' -f 6 {} | cut -d ':' -f 1`&;
fi
Output of nohup.out is
|S-chain|-<>-10.1.1.16:80-<><>-93.184.220.29:80-<--denied
|S-chain|-<>-10.1.1.16:80-<><>-93.184.220.29:80-<--denied
|S-chain|-<>-10.1.1.16:80-<><>-216.58.209.77:443-<><>-OK
|S-chain|-<>-10.1.1.16:80-<><>-46.28.247.89:443-<><>-OK
With the below command I am able to extract the IP for reverse DNS lookup.
cut -d '-' -f 6 | cut -d ':' -f 1
I am not able to find a way to pass the argument to the cut and if commands.
Upvotes: 0
Views: 376
Reputation: 753665
What you need is to convert the if statement into an argument to bash. Doing a simplistic transform, assuming that the code in the question has a chance of working, you get:
tail -f nohup.out |
xargs -I '{}' bash -c "if [[ {} == *"denied"* ]]; then dig -x $(cut -d '-' -f 6 {} | cut -d ':' -f 1) & fi"
This is exactly the same basic treatment as was needed for a for loop being executed by nohup — you need a shell to run the built-in command. See Why can't I use Unix nohup with Bash for loop? for an exactly analogous situation.
However, on further reflection, you want to cut the string which is the IP address, not the file with that as a name, so the command needs to echo the string into the cut commands. You also have to tear your hair getting the sub-commands executed correctly; you need a backslash before the $ of $(…), or before each of the back-ticks if you insist on using `…` notation, as well as using backslash-double-quote to protect the angle-brackets in the string.
tail -f nohup.out |
xargs -I '{}' bash -c "if [[ '{}' != *denied* ]]; then echo dig -x \"\$(echo '{}' | cut -d '-' -f 6 | cut -d ':' -f 1)\" & fi"
Now we need to debate the use of the condition and two cut commands (and the general hair loss). You could use:
tail -f nohup.out |
grep -v denied |
xargs -I '{}' bash -c "echo dig -x \$(echo '{}' | cut -d '-' -f 6 | cut -d ':' -f 1) &"
or, more sensibly:
tail -f nohup.out |
awk -F '[-:]' '/denied/ { next } { print "dig -x " $7 " &" }' |
sh -x
or any of a myriad other ways to do it.
Upvotes: 1
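The pipelines above paste each log line into text that a shell then parses (bash -c through xargs -I, or sh -x), so any line in nohup.out that holds something other than a plain address is interpreted as shell syntax. The following is an added example, not code from either answer: it reads the log in a loop, accepts field 6 only if it is a dotted-quad IPv4 address, and hands it to dig as a single argument. The names extract_ip, lookup_stream and LOOKUP and the --follow switch are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the posts above. extract_ip, lookup_stream, LOOKUP
# and the --follow switch are illustrative names (assumptions).

# Command run per address; the address is appended as one separate argument.
LOOKUP=${LOOKUP:-dig +short -x}

# Print the destination IPv4 address of one proxychains line (field 6 of the
# '-'-separated line, port stripped); return 1 unless it is a dotted quad.
extract_ip() {
    hostport=$(printf '%s\n' "$1" | cut -d '-' -f 6)
    ip=${hostport%%:*}
    case $ip in
        ''|*[!0-9.]*) return 1 ;;   # only digits and dots may pass
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split into octets (no glob chars left)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Read log lines on stdin and look up every destination that was not denied
# (the filter both answers use). A line is only ever data here: it is never
# substituted into bash -c, eval or sh.
lookup_stream() {
    while IFS= read -r line; do
        case $line in *denied*) continue ;; esac
        if ip=$(extract_ip "$line"); then
            $LOOKUP "$ip" &         # LOOKUP is word-split on purpose
        else
            printf 'skipped, no valid IPv4 in field 6: %s\n' "$line" >&2
        fi
    done
    wait                            # let background lookups finish at EOF
}

# Follow the log only when asked:  ./lookup.sh --follow
if [ "${1:-}" = "--follow" ]; then
    tail -f nohup.out | lookup_stream
fi
```

To act on the denied lines instead, as the question's condition does, invert the case test in lookup_stream; the validation in extract_ip stays the same.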
Reputation: 29025
awk -F- '!/denied/ {print $6}' splits each input line into fields separated by -, ignores the lines matching denied and extracts the 6th field of the remaining lines. With your example it outputs:
216.58.209.77:443
46.28.247.89:443
Upvotes: 0