43 lines
1.3 KiB
Bash
Executable File
43 lines
1.3 KiB
Bash
Executable File
#! /usr/bin/env bash
|
|
#
|
|
# Replace columns from "zeekctl status" output that are not predictable
|
|
# (such as PID) with Xs. This script assumes that there is no "Peers" column
|
|
# in the output, unless the "--peers" command-line option is specified.
|
|
#
|
|
# If the "--peers" command-line option is given, then the "Peers" column
|
|
# is assumed to be present (and will not be replaced).
|
|
# If the "--time" command-line option is given, then the "Started" date/time
|
|
# columns are not replaced.
|
|
|
|
tcol=6
|
|
if [ "$1" = "--peers" ]; then
|
|
tcol=7
|
|
fi
|
|
|
|
usetimefmt=0
|
|
if [ "$1" = "--time" ]; then
|
|
usetimefmt=1
|
|
fi
|
|
|
|
awk -v tcol=${tcol} -v usetimefmt=${usetimefmt} '{
|
|
if ( NR > 1 )
|
|
{
|
|
# Check the format of each field, and replace with Xs only if the
|
|
# format is expected (some fields have unpredictable length, but
|
|
# we need a constant-width string of Xs).
|
|
if ( $5 ~ /^[0-9]+$/ ) { $5 = "XXXXX" } # Pid
|
|
|
|
if ( usetimefmt == 0) {
|
|
# The "Started" column consists of three fields:
|
|
tc=tcol;
|
|
if ( $tc ~ /^[0-3][0-9]$/ ) { $tc = "XX" }
|
|
tc++;
|
|
if ( $tc ~ /^[A-Za-z]+$/ ) { $tc = "XXX" }
|
|
tc++;
|
|
if ( $tc ~ /^[0-2][0-9]:[0-5][0-9]:[0-5][0-9]$/ ) { $tc = "XX:XX:XX" }
|
|
}
|
|
}
|
|
|
|
print
|
|
}'
|