grep bro conn.log with switch mac addresses on port

diff --git a/bro-grep-conn-switch-port.sh b/bro-grep-conn-switch-port.sh
new file mode 100755 (executable)
index 0000000..95060b5
--- /dev/null
+++ b/bro-grep-conn-switch-port.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+test -z "$1" && echo "Usage: $0 switch port" && exit 1
+
+./snmp-mac-port $1
+
+regex=$( grep " $2\$" /dev/shm/snmp-mac-port/$1 | awk '{ print $3 }' )
+regex=$( echo $regex | sed -e 's/ /|/g' -e 's/^/(/' -e 's/$/)/' )
+
+echo "# $regex"
+
+ssh enesej egrep \"$regex\" /var/log/bro/current/conn.log | tee /dev/shm/bro-conn-$1-$2