Hi, I have a sed script which runs just fine at the command prompt, but when I include it in a bash script, it fails with: unexpected EOF while looking for matching `"' As always, any help or suggestions are greatly appreciated. It might take me an hour or two to reply to comments, thank you.
I'm working in Ubuntu 16.04
The script will eventually change two patterns within a log line (the combined sed command is commented out). The sed line is:
Code:
sed -i -r "s#INIT\][0-9]{4}\s[A-Z][a-z]{2}\s[0-9]+#INIT]$ymdDate#g" $1
The script is as follows:
Code:
#!/bin/bash
if [ "$1" = "" ]; then
echo "ERROR: Please enter filename '\n' Example: change-ossec-alertDate.sh myalerts.log "
else
#today= `date "+%s" | cut -c1-6`
today=$(date "+%s" | cut -c1-6)
ymdDate=$(date "%Y %b %d)
echo "today = $today"
# the first part of the sed command below (before the ";") works fine
# sed -i -r "s#AV - Alert - \"[0-9]{6}#AV - Alert - \"$today#g;s#INIT\][0-9]{4}\s[A-Z][a-z]{2}\s[0-9]+#INIT]$ymdDate#g" $1
# the line below works at the prompt, but fails in a script
sed -i -r "s#INIT\][0-9]{4}\s[A-Z][a-z]{2}\s[0-9]+#INIT]$ymdDate#g" $1
fi
And last but not lease, here is the sample text:
Code:
AV - Alert - "1557833239" --> RID: "110021"; RL: "2"; RG: "windows,applocker,"; RC: "Applocker audit mode program would have been blocked"; USER: "None"; SRCIP: "None"; HOSTNAME: "(DC1) 10.101.4.210->WinEvtLog"; LOCATION: "(DC1) 10.101.4.210->WinEvtLog"; EVENT: "[INIT]2019 May 14 07:53:51 WinEvtLog: Microsoft-Windows-AppLocker/EXE and DLL: Warning(8003): no source: KevinAdmin: TESTDOMAIN: 2012R2-DC1.testdomain.local: %SYSTEM32%\MMC.EXE was allowed to run but would have been prevented from running if the AppLocker policy were enforced.[END]";
Thanks again,
Kevin
YMMV
