1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#! /usr/bin/env bash
#
# Replace columns from "zeekctl status" output that are not predictable
# (such as PID) with Xs. This script assumes that there is no "Peers" column
# in the output, unless the "--peers" command-line option is specified.
#
# If the "--peers" command-line option is given, then the "Peers" column
# is assumed to be present (and will not be replaced).
# If the "--time" command-line option is given, then the "Started" date/time
# columns are not replaced.
tcol=6
if [ "$1" = "--peers" ]; then
tcol=7
fi
usetimefmt=0
if [ "$1" = "--time" ]; then
usetimefmt=1
fi
awk -v tcol=${tcol} -v usetimefmt=${usetimefmt} '{
if ( NR > 1 )
{
# Check the format of each field, and replace with Xs only if the
# format is expected (some fields have unpredictable length, but
# we need a constant-width string of Xs).
if ( $5 ~ /^[0-9]+$/ ) { $5 = "XXXXX" } # Pid
if ( usetimefmt == 0) {
# The "Started" column consists of three fields:
tc=tcol;
if ( $tc ~ /^[0-3][0-9]$/ ) { $tc = "XX" }
tc++;
if ( $tc ~ /^[A-Za-z]+$/ ) { $tc = "XXX" }
tc++;
if ( $tc ~ /^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]$/ ) { $tc = "XX:XX:XX" }
}
}
print
}'
|
