Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!decuac!avolio
From: avolio@decuac.dec.com (Frederick M. Avolio)
Newsgroups: comp.unix.questions
Subject: awk pattern matching
Message-ID: <1710@decuac.DEC.COM>
Date: Fri, 7-Aug-87 12:46:43 EDT
Article-I.D.: decuac.1710
Posted: Fri Aug  7 12:46:43 1987
Date-Received: Sun, 9-Aug-87 02:19:14 EDT
References: <1092@gilsys.UUCP>
Sender: avolio@decuac.dec.com
Organization: DEC SWS, Landover, MD
Lines: 34

In article <1092@gilsys.UUCP> mc68020@gilsys.UUCP (Thomas J Keller) writes:

>   I am attempting to write a small awk script which will scan my sulog file
>for attempts to su by any but a small list of user names.  ...

>	SU 08/05 09:30 + tty02 msi-root

>    the 6th field (msi-root) is the field I want to match to.  The basic
>pattern to be matched would be any of [root, news, me] with an explicit "-"
>and then *ANY* string of chars after that.  ...

This seems to work.  This will find entries which have any of
{root,me,news}  followed by a dash followed by any number of characters.

	$6 !~ /((root)|(me)|(news))-.*/ { print $0 }


With this as my data file:

SU 08/05 09:30 + tty02 me-root
SU 08/05 09:30 + tty02 root-root
SU 08/05 09:30 + tty02 msi-root
SU 08/05 09:30 + tty02 news-root
SU 08/05 09:30 + tty02 msi-root

My results:

% awk '$6 !~ /((root)|(me)|(news)).*-.*/ { print $0 } ' jnk 
SU 08/05 09:30 + tty02 msi-root
SU 08/05 09:30 + tty02 msi-root


Good awking!
Fred (bailing outnear line 1)