Bash Sed regex - How to separate IP:PORT without interfering with other NUMBER:NUMBER formats in a line?

Question

I am trying to separate the IP and Port on the last part of the line but there are other colons present in the line so I have to use regex to identify the IPv4 format, then isolate the matched pattern to IP: then replace the colon with a comma keeping the IP part of the pattern unchanged. I know I have to use capture groups, but it appears its not doing anything?

Input Data:

Aug 4 23:45:23,10.10.3.1,snort[92683]:,[1:2025701:2],ET POLICY SMB2 NT Create AndX Request For an Executable File,[Classification: Potentially Bad Traffic],[Priority: 2],TCP,10.10.0.2:6342,10.10.3.3:445

Expected Output:

Aug 4 23:45:23,10.10.3.1,snort[92683]:,[1:2025701:2],ET POLICY SMB2 NT Create AndX Request For an Executable File,[Classification: Potentially Bad Traffic],[Priority: 2],TCP,10.10.0.2,6342,10.10.3.3,445

Current Command:

sed -r 's/(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b):/\1,/g;'

Unfortunately dupe answer is all about `\d` only and doesn't cover word boundary in `sed` — anubhava, Sep 08 '22 at 13:41

anubhava · Accepted Answer · 2020-08-06T07:10:12.737

1

sed traditionally doesn't support perl regex properties such as \w, \d etc in regex.

You may use this sed with a shortened regex:

sed -E 's/(([0-9]{1,3}\.){3}[0-9]{1,3}):/\1,/g' file

A note on word boundaries:

Note that gnu-sed does support \b or \< for word boundary, however BSD sed doesn't support it and you may have to use [[:<:]] on OSX sed.

edited Aug 06 '20 at 07:10

answered Aug 05 '20 at 19:24

anubhava

761,203
64
569
643

Bash Sed regex - How to separate IP:PORT without interfering with other NUMBER:NUMBER formats in a line?

1 Answers1