Command Line – Resolve All IP Addresses in Command Output

command linehostnamepipesed

I have several log files that contain a bunch of ip addresses. I would love to be able to pipe the data through a program that would match and resolve ip addresses.

I.E.
cat /var/log/somelogfile | host

which would turn a line like

10:45 accessed by 10.13.13.10

into

10:45 accessed by myhostname.intranet

My thought is there might be a way to do this with a combination of sed and host, but I have no idea how to do so. I know that I could write a simple script that would do it, but I would rather be able to use built in tools if possible. Any suggestions?

Best Answer

Here's a quick and dirty solution to this in Python. It does caching (including negative caching), but no threading and isn't the fastest thing you've seen. If you save it as something like rdns, you can call it like this:

zcat /var/log/some-file.gz | rdns
# ... or ...
rdns /var/log/some-file /var/log/some-other-file # ...

Running it will annotate the IP addresses with their PTR records in-place:

$ echo "74.125.132.147, 64.34.119.12." | rdns
74.125.132.147 (rdns: wb-in-f147.1e100.net), 64.34.119.12 (rdns: stackoverflow.com).

And here's the source:

#!/usr/bin/env python

import sys, re, socket

cache = dict()

def resolve(x):
    key = x.group(0)
    try:
        return "%s (rdns: %s)" % (key, cache[key])
    except KeyError:
        try:
            cache[key] = socket.gethostbyaddr(key)[0]
        except socket.herror:
            cache[key] = '?'
        return "%s (rdns: %s)" % (key, cache[key])

for f in [open(x) for x in sys.argv[1:]] or [sys.stdin]:
    for line in f:
        sys.stdout.write(re.sub("\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", resolve, line))

# End of file.

Please note: this isn't quite what you're after to the letter (using ‘standard tools’). But it probably helps you more than a hack that resolves every IP address every time it's encountered. With a few more lines, you can even make it cache its results persistently, which would help with repeat invocations.

Related Solutions

Bash – Text file look-up by column

OK, if the length of the columns is not known, I'd switch to a more powerful language than bash:

#!/usr/bin/perl
use warnings;
use strict;

my $string = shift;
open my $FH, '<', '1.txt' or die $!;
my $first_line = <$FH>;
my ($before, $name) = $first_line =~ /(.* )(NAME *)/;
my $column = length $before;
$string .= ' ' x (length($name) - length $string);     # adjust the length of $string
while (<$FH>) {
    if ($column == index $_, $string, $column) {
        /^\[([0-9]+)\]/ and print "$1\n";
    }
}

Bash – Process Command Output Line by Line Without Mixing Standard Input

exec 3<&0
while read line
do
    mplayer "$line" <&3
done < <(find-me-random-mp3s)

This copies terminal input to file descriptor 3. In the while loop, stdin is everywhere read from your find-me-random-mp3s program except for the mplayer line which gets its stdin from file descriptor 3 which is your terminal. Hence, you can still interact with mplayer.

Best Answer

Related Solutions

Bash – Text file look-up by column

Bash – Process Command Output Line by Line Without Mixing Standard Input

Related Question