#! /usr/bin/env bash
#
# Canonify "zeekctl status" output read from stdin: values that differ from
# run to run (the PID and the "Started" date/time) are overwritten with
# fixed-width runs of Xs, and every line is then written to stdout.
#
# Options (only the first argument is inspected, so at most one applies):
#   --peers  The output has a "Peers" column. It is left untouched, and the
#            "Started" fields are looked for one field further right (7
#            instead of 6).
#   --time   Leave the "Started" date/time fields as they are.
#
# A field is masked only when it matches the expected format; anything else
# passes through unchanged. The first line of input is never modified.

tcol=6
usetimefmt=0

case "$1" in
  --peers) tcol=7 ;;
  --time) usetimefmt=1 ;;
esac

awk -v tcol="${tcol}" -v usetimefmt="${usetimefmt}" '
NR > 1 {
  # Mask a field only when its format is the expected one: some fields
  # have unpredictable length, and the replacement must be a
  # constant-width string of Xs.

  # Pid
  if ($5 ~ /^[0-9]+$/)
    $5 = "XXXXX"

  if (usetimefmt == 0) {
    # "Started" spans three consecutive fields beginning at tcol.
    day = tcol
    month = tcol + 1
    clock = tcol + 2

    if ($day ~ /^[0-3][0-9]$/)
      $day = "XX"
    if ($month ~ /^[A-Za-z]+$/)
      $month = "XXX"
    if ($clock ~ /^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]$/)
      $clock = "XX:XX:XX"
  }
}

# Every line is emitted, including the untouched first one.
{ print }
'