I’m trying to write a script that searches through a pre-made list of running processes across a series of machines. I’m specifically looking for rsyslogd running on those devices, and attempting to find what configuration file they’re using (if not using the default /etc/rsyslog.conf).
Right now I’m successfully searching through the machines with this for loop:
for root_file in $TARGET_DIR/RESULTS*/ps_results; do
grep rsyslogd $root_file | awk '{s = ""; for (i = 15; i <= NF; i++) s = s $i " "; print s}'
done
And it’ll return a list like
# get_configs $TARGET_DIR/ /usr/sbin/rsyslogd -n /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 /usr/sbin/rsyslogd -n -f /usr/syslog.conf ...
But what I want is a list that shows the IP address of the machine that is being checked (which is in the * of the RESULTS* of the script as-is) followed by just the path to the configuration file, like so:
# get_configs $TARGET_DIR/ 172.16.10.1 /etc/syslog.conf 172.16.10.2 /etc/syslog.conf 172.17.5.245 /usr/syslog.conf ...
I’ll be taking this list and parsing through the files and finding any additional configuration files that they might link to with the $IncludeConfig directive, but I’ve got to get through cleaning up my list of files first.
The mental block I’m hitting is testing for the -f option following rsyslogd. Since rsyslogd doesn’t require -f and it runs with the default /etc/rsyslog.conf, how do I handle testing for the option and extracting the path following it or supplying a default?
I considered using sed or cut to isolate ‘ -f /path/to/file’ and return /etc/rsyslog.conf on an empty result, but I’m not managing to accomplish that.
Answer
Supposing we have the following input files
$ grep . */ps_results RESULTS-172.16.10.1/ps_results:/usr/sbin/rsyslogd -n RESULTS-172.16.10.2/ps_results:/sbin/rsyslogd -i /var/run/syslogd.pid -c 5 RESULTS-172.17.5.245/ps_results:/usr/sbin/rsyslogd -n -f /usr/syslog.conf $
Then how about
$ awk '/rsyslogd/{gsub("^.*RESULTS-","",FILENAME);gsub("/ps_results","",FILENAME);b="/etc/rsyslog.conf";for(a=0;a++<NF;){if($a=="-f"){b=$(a+1)}};printf "%-15s%sn",FILENAME,b}' RESULTS*/ps_results
172.16.10.1 /etc/rsyslog.conf
172.16.10.2 /etc/rsyslog.conf
172.17.5.245 /usr/syslog.conf
$
Same code, annotated+formatted:
awk '/rsyslogd/ {
# strip everything up to (and including) RESULTS- from the filename
gsub("^.*RESULTS-","",FILENAME)
# strip the /ps_results from the filename
gsub("/ps_results","",FILENAME)
# set the default rsyslog conf file
b="/etc/rsyslog.conf"
# look for a -f parameter: if found, grab conf file
for(a=0;a++<NF;){
if($a=="-f") {
b=$(a+1)
}
}
# print the ip addr and conf file
printf "%-15s%sn",FILENAME,b
}' RESULTS*/ps_results