Stripping fields from within lines of text
So my excursion into bash scripting continues. The following line extracts fields from text (whilst a little specific to its task, it may be useful for others).
I can only recommend a good read-up on how to use sed, which is a powerful (and seemingly quite complicated) text editor that will remove / add / replace text on the fly. The notation is probably the biggest hurdle, but it's worth the effort!
cat /etc/snort/*.rules | grep fwsam | sed -e 's/^.*sid://' -e 's/;.*$//' | sort -n
The above line searches for all occurrences of fwsam in the snort rule files (fwsam is the option used by snortsam, the snort IP blocking utility), strips each rule it finds down to just the sid number (by removing all text up to and including 'sid:' and everything from the following semicolon onward), and then sorts the remaining results in numerical order.
To break it down...
cat /etc/snort/*.rules | # Output the contents of all files ending in .rules in the /etc/snort directory
grep fwsam | # Then feed this through grep, which keeps only the lines containing fwsam
sed -e 's/^.*sid://' -e 's/;.*$//' | # Then feed this through sed, which strips everything on the line up to and including 'sid:', then everything from the next semicolon to the end of the line
sort -n # Then sort all results in numerical order
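A stricter variant of the pipeline above, as an added example that is not part of the original post: it goes beyond the one-liner by skipping commented-out rules, tolerating whitespace after 'sid:', and listing any sid that appears on more than one blocking rule. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# fwsam_sids FILE... : print the sid of every active rule carrying an fwsam option.
fwsam_sids() {
    grep -hv '^[[:space:]]*#' "$@" |    # drop commented-out (disabled) rules
        grep 'fwsam[[:space:]]*:' |     # keep only rules that trigger a block
        # capture just the digits after "sid:"; -n/p prints only lines that matched
        sed -n 's/^.*[(;[:space:]]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*$/\1/p' |
        sort -n
}

# fwsam_dup_sids FILE... : print each sid used by more than one blocking rule.
fwsam_dup_sids() {
    fwsam_sids "$@" | uniq -d
}

# write_sample_rules DIR : write constructed rule files for the demonstration.
write_sample_rules() {
    cat > "$1/local.rules" <<'EOF'
alert tcp any any -> $HOME_NET 22 (msg:"constructed: ssh probe"; sid:1000020; rev:1; fwsam: src, 5 minutes;)
# alert tcp any any -> $HOME_NET 23 (msg:"constructed: disabled"; sid:1000030; rev:1; fwsam: src, 5 minutes;)
alert tcp any any -> $HOME_NET 80 (msg:"constructed: no block"; sid:1000040; rev:1;)
alert tcp any any -> $HOME_NET 25 (msg:"constructed: spaced sid"; fwsam: src, 1 hour; sid: 1000003; rev:2;)
EOF
    cat > "$1/extra.rules" <<'EOF'
alert udp any any -> $HOME_NET 53 (msg:"constructed: duplicate sid"; sid:1000020; rev:1; fwsam: src, 5 minutes;)
EOF
}

# Demonstration on the constructed files.
dir=$(mktemp -d)
write_sample_rules "$dir"
echo "sids of active blocking rules:"
fwsam_sids "$dir"/*.rules
echo "sids used more than once:"
fwsam_dup_sids "$dir"/*.rules
rm -rf "$dir"
```

Against real rule files, call it as fwsam_sids /etc/snort/*.rules.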