Linux commands piping - grep and matching pattern

1

1

Can someone please explain what happens in this command:

Logfile structure:

IPsrc:IPdst:port:packets

@ max=`cut -f4 -d: logfile | sort -n -r | head -1`
grep "$max"$ logfile | cut -f1,3,4 -d: | sort | uniq

I can't understand how the first line is used to define a pattern for grep.

I am using Ubuntu to test this.

Any link/explanation is helpful.

virtual@virtual-VirtualBox:~$ @max='cut -f4 -d: intrulog | sort -n -r | head -1' grep   "$max"$ intrulog | cut -f1,3,4 -d: | sort | uniq
virtual@virtual-VirtualBox:~$ 

As you can see, when I execute these commands, grep does not return anything. If I execute the command in the first line, I get the expected output, but in the first case, $max is not passed to grep as the correct filter pattern.

virtual@virtual-VirtualBox:~$ cut -f4 -d: intrulog | sort -n -r | head -1
24
virtual@virtual-VirtualBox:~$ 

JUST TO HELP FUTURE VISITORS: Structure of intrulog (IPsrc:IPdst:port:packets), reduced to a few lines:

192.168.164.142:137.37.8.8:8080:5
192.168.160.37:137.37.8.5:8080:13
192.168.155.47:137.37.8.12:443:24
192.168.161.92:137.37.8.5:21:24
192.168.156.77:137.37.8.8:8080:13
192.168.164.84:137.37.8.9:8080:9

The commands are expected to return the IPsrc, the port and the number of packets:

192.168.155.47:443:24
192.168.161.92:21:24

ThatJoeGuy

Posted 2011-05-11T22:10:59.900

Reputation: 33

If you post the structure of intrulog, I can add an analysis to my answer of what this command will end up returning. – Hyppy – 2011-05-11T22:50:27.993

Answers

2

EDIT (For clarified question):

The commands should be executed on two separate lines. I believe that there is a mistyped portion of this, as well. I believe that the @ symbol before max is not necessary. The second $ in the grep command also seems unnecessary. Finally, in your example, the single quotes around the cut command should be tick marks (` from the ~ key as opposed to '). The full command should probably be (on separate lines):

max=`cut -f4 -d: intrulog | sort -n -r | head -1`
grep "$max" logfile | cut -f1,3,4 -d: | sort | uniq

If you want to run it as all one line, add a semicolon in between.

ORIGINAL ANSWER:

max is being assigned the value cut -f4 -d: intrulog | sort -n -r | head -1, which does the following in order:

  • cut is called to process the file intrulog, picking out the fourth column in a set delimited by a colon (:)
  • sort is called to sort the output of cut to put the highest numbers on top
  • head is called to reduce the output to just the top line.

Taken all together, it basically takes the highest value in the fourth column of the file called intrulog and returns that as the value max, which grep then searches for in logfile.

From what grep finds, cut is then called again to return the 1st, 3rd, and 4th columns, which are then sorted by sort alphabetically and trimmed by uniq to only show unique results.

Hyppy

Posted 2011-05-11T22:10:59.900

Reputation: 3 636

Very clear explanations, but I am afraid I wasn't too clear with my question. I will edit the main question. – ThatJoeGuy – 2011-05-11T22:51:24.703

Update your question then ;-) – Hyppy – 2011-05-11T22:52:38.227

That is a perfect answer. Sorry for not being very clear in the initial question. – ThatJoeGuy – 2011-05-11T23:27:43.080

@ThatJoeGuy feel free to accept the answer if you feel it met your needs. The propensity for users to answer future questions is often determined by the percentage of accepted answers you have :-) – Hyppy – 2011-05-11T23:31:34.137
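The two-line pipeline discussed above, as an added example that is not part of the original posts: it runs the command-substitution form against a constructed log and compares an unanchored grep pattern with one anchored to the last field. The function names and the last two sample lines are assumptions made for the illustration; the first six lines are the sample from the question.

```shell
#!/bin/sh
# Constructed sample in the page's format IPsrc:IPdst:port:packets.
# Lines 1-6 come from the question; lines 7-8 are added here so that
# "24" also appears inside an IP octet and inside a port number.
make_sample() {
    cat <<'EOF'
192.168.164.142:137.37.8.8:8080:5
192.168.160.37:137.37.8.5:8080:13
192.168.155.47:137.37.8.12:443:24
192.168.161.92:137.37.8.5:21:24
192.168.156.77:137.37.8.8:8080:13
192.168.164.84:137.37.8.9:8080:9
192.168.24.10:137.37.8.9:8080:2
192.168.150.3:137.37.8.9:2401:7
EOF
}

# Highest packet count (field 4). $(...) is command substitution, the
# same mechanism as backticks; single quotes would store the literal text.
max_packets() {
    cut -f4 -d: "$1" | sort -n -r | head -n 1
}

# Unanchored: the value matches anywhere on the line (IP octets, ports).
top_talkers_loose() {
    max=$(max_packets "$1")
    grep "$max" "$1" | cut -f1,3,4 -d: | sort | uniq
}

# Anchored: ":<max>" must end the line, so only the packets field matches.
top_talkers() {
    max=$(max_packets "$1")
    [ -n "$max" ] || return 1   # empty log: nothing to report
    grep -e ":${max}\$" "$1" | cut -f1,3,4 -d: | sort | uniq
}

log=$(mktemp)
make_sample > "$log"
echo "max packets: $(max_packets "$log")"
echo "--- unanchored ---"; top_talkers_loose "$log"
echo "--- anchored ---";   top_talkers "$log"
rm -f "$log"
```

On this sample the unanchored form also reports the hosts whose address or port merely contains the digits of the maximum, which is the kind of false positive that matters when the output feeds an alert or a block list.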

0

The first line sets an environment variable named max, which grep then calls. The $ references the variable you set up in the first line.

Try echo $USER or echo $HOME to see some other environment variables.

charliehorse55

Posted 2011-05-11T22:10:59.900

Reputation: 673