bertrandmartel · August 29, 2015 14:27
diff --git a/formatted_output.txt b/formatted_output.txt
 2015-08-13,09:55:27,8080,7,,,,1,,,,,1,,5555,2,,,,,,,1,,,,0
 2015-08-13,09:56:27,8080,1,,,,,,,,,1,,5555,1,,,,,,,1,,,,1
diff --git a/netstat_format.sh b/netstat_format.sh
 #!/bin/bash
 #title         :format_netstat.sh
 #author		   :Bertrand Martel
 #date          :13/08/2015

 #declare a list of all session state you may find in linux system
 declare -a arr=("ESTABLISHED" "SYN_SENT" "SYN_RECV" "FIN_WAIT1" "FIN_WAIT2" "TIME_WAIT" "CLOSED" "CLOSE_WAIT" "LAST_ACK" "LISTEN" "CLOSING")

 IFS=$'\n'     #line delimiter
 set -f        #Disable file name generation (globbing)
 count_line=0  #line counter

 #empty your output file
 cp /dev/null "$2"

 for i in $(cat "$1"); do

 	#test="2015-08-13 09:55:27 Port 8080 ( ESTABLISHED 7, FIN_WAIT2 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 2,)"
 	main_part=$i

 	new_line=""

 	#extract first,second and fourth column with ' ' delimiter
 	date_val=`echo $main_part | cut -d' ' -f1`
 	time_val=`echo $main_part | cut -d' ' -f2`
 	port_val=`echo $main_part | cut -d' ' -f4`

 	#append these fields to new line output var
 	new_line="$date_val,$time_val,$port_val"

 	for i in {0..10}
 	{
 		#here extract all that is between parenthesis and process it independently with replacing "," with ' ', looking for session state in arr defined in the beginning.
 		#  awk '{print $2}' => will finally print the second argument eg the value of the key found in arr
 		result=`echo $main_part | awk -v FS="([(]|[)])" '{print $2}'  | sed 's/,/ /g' | grep -o "${arr[i]} [^ ]*" | awk '{print $2}'`
 		if [ -z "$result" ]; then
 			result=""
 		fi
 		new_line="$new_line,$result"
 	}

 	#cut all before " Port"
 	second_part=`echo $main_part | sed 's/.*) Port //'`

 	#second port in line
 	port2_val=`echo $second_part | cut -d' ' -f1`

 	#add port2 value to line output
 	new_line="$new_line,$port2_val"

 	for i in {0..10}
 	{
 		result=`echo $second_part | awk -v FS="([(]|[)])" '{print $2}'  | sed 's/,/ /g' | grep -o "${arr[i]} [^ ]*" | awk '{print $2}'`
 		if [ -z "$result" ]; then
 			result=""
 		fi
 		new_line="$new_line,$result"
 	}

 	#add line count
 	new_line="$new_line,$count_line"

 	#increment line count
 	count_line=$((count_line+1))

 	#append content of new line to output file
 	echo $new_line >> "$2"
 done

 cat "$2"
diff --git a/output.txt b/output.txt
 2015-08-13 09:55:27 Port 8080 ( ESTABLISHED 7, FIN_WAIT2 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 2,)
 2015-08-13 09:56:27 Port 8080 ( ESTABLISHED 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 1,)
	2015-08-13,09:55:27,8080,7,,,,1,,,,,1,,5555,2,,,,,,,1,,,,0
	2015-08-13,09:56:27,8080,1,,,,,,,,,1,,5555,1,,,,,,,1,,,,1
	#!/bin/bash
	#title :format_netstat.sh
	#author :Bertrand Martel
	#date :13/08/2015

	#declare a list of all session state you may find in linux system
	declare -a arr=("ESTABLISHED" "SYN_SENT" "SYN_RECV" "FIN_WAIT1" "FIN_WAIT2" "TIME_WAIT" "CLOSED" "CLOSE_WAIT" "LAST_ACK" "LISTEN" "CLOSING")

	IFS=$'\n' #line delimiter
	set -f #Disable file name generation (globbing)
	count_line=0 #line counter

	#empty your output file
	cp /dev/null "$2"

	for i in $(cat "$1"); do

	#test="2015-08-13 09:55:27 Port 8080 ( ESTABLISHED 7, FIN_WAIT2 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 2,)"
	main_part=$i

	new_line=""

	#extract first,second and fourth column with ' ' delimiter
	date_val=`echo $main_part \| cut -d' ' -f1`
	time_val=`echo $main_part \| cut -d' ' -f2`
	port_val=`echo $main_part \| cut -d' ' -f4`

	#append these fields to new line output var
	new_line="$date_val,$time_val,$port_val"

	for i in {0..10}
	{
	#here extract all that is between parenthesis and process it independently with replacing "," with ' ', looking for session state in arr defined in the beginning.
	# awk '{print $2}' => will finally print the second argument eg the value of the key found in arr
	result=`echo $main_part \| awk -v FS="([(]\|[)])" '{print $2}' \| sed 's/,/ /g' \| grep -o "${arr[i]} [^ ]*" \| awk '{print $2}'`
	if [ -z "$result" ]; then
	result=""
	fi
	new_line="$new_line,$result"
	}

	#cut all before " Port"
	second_part=`echo $main_part \| sed 's/.*) Port //'`

	#second port in line
	port2_val=`echo $second_part \| cut -d' ' -f1`

	#add port2 value to line output
	new_line="$new_line,$port2_val"

	for i in {0..10}
	{
	result=`echo $second_part \| awk -v FS="([(]\|[)])" '{print $2}' \| sed 's/,/ /g' \| grep -o "${arr[i]} [^ ]*" \| awk '{print $2}'`
	if [ -z "$result" ]; then
	result=""
	fi
	new_line="$new_line,$result"
	}

	#add line count
	new_line="$new_line,$count_line"

	#increment line count
	count_line=$((count_line+1))

	#append content of new line to output file
	echo $new_line >> "$2"
	done

	cat "$2"
	2015-08-13 09:55:27 Port 8080 ( ESTABLISHED 7, FIN_WAIT2 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 2,)
	2015-08-13 09:56:27 Port 8080 ( ESTABLISHED 1, LISTEN 1,) Port 5555 ( CLOSE_WAIT 1, ESTABLISHED 1,)