I need a regular expression that looks for <IPADDRESS> [x]created and excludes one particular IP address

Question

I want to open some log files one at a time and look for a certain string...

13:15:55 <AN IP ADDRESS> [2]created /myfile.zip 226 0

The key is that want to find files that have HAS an IP ADDRESS but EXCLUDES one particular IP address and that then has the "[2]created" part of the string. The number in brackets may vary.

Thanks.

Seth

Answer 1

Not sure the kind textual data you are working with but if that's the only IP address you are trying to exclude and assuming all the other IP Address are good. Does just excluding that specific IP Address like below work for you? You can replace the IP Address value with those of yours.

Exclusion Expression. ^(144.44.11.222)

Look up for all IP Matches: \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}

If that doesn't work, I suggest applying the look up for all the IP and then work off on excluding from that list.

Hope that helps.

Answer 2

for f in `find /path/to/files -iname '*FILENAME*PATTERN*' -exec egrep -l '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) \[0-9\]created'`
    fgrep -v -l 'SPECIFIC_IP_TO_FILTER_OUT' $f
done    

Or something simillar with bash, GNU grep might work for you.