#1 2009-01-13 15:29:41

brisbin33
Member
From: boston, ma
Registered: 2008-07-24
Posts: 1,796

[SOLVED] SSH Log check script, what am i doing wrong?

wow linux, you never cease to amaze me

cat /var/log/auth.log | grep -vP "(209\.94\.131\.65|216\.204\.172\.218)" | grep Accepted | awk '{ print $1, $2, $11 }'

--- the rest is immaterial --

disclaimer: i am a horrible scripter; i'm just learning; there's probably a better way to do this

what i'm trying to do: cat through /var/log/auth.log for accepted ssh connections, filter out my home and work ip's, place any filtered ip's in a log file with date.

i'm having some trouble when checking for inequality between two ip strings (xx.xx.xx.xx).  this script:

#!/bin/bash

homeip=`whatismyip`
workip="216.204.172.218"

log=${HOME}/Documents/ssh_log

logip=`cat /var/log/auth.log |
  \grep Accepted.*patrick |
  \awk '{ print $11 }'`

if [ "$logip" != "$homeip" ]; then
  if [ "$logip" != "$workip" ]; then
    echo -e "$logip \n"
    #cat /var/log/auth.log | grep "$logip" | awk '{ print $1 " " $2 " " $11 }' > $log
  fi
fi

echo Home\:\ $homeip
echo Work\:\ $workip

exit 0

outputs this:

...
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
192.168.0.7
192.168.0.7
192.168.0.7
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
68.37.60.140
68.37.60.140
68.37.60.140
68.37.60.140
68.37.60.140
68.37.60.140
68.37.60.140
68.37.60.140
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
216.204.172.218
192.168.0.7
216.204.172.218
209.94.131.65
209.94.131.65
216.204.172.218
209.94.131.65
216.204.172.218

Home: 209.94.131.65
Work: 216.204.172.218

i have it just echoing the ip's it finds in the log, then showing which ones _should've_ been filtered out, to debug.

what gives?

i'm sure it's trivial, any help would be appreciated.

Last edited by brisbin33 (2009-01-13 17:10:10)


#2 2009-01-13 15:43:37

rson451
Member
From: Annapolis, MD USA
Registered: 2007-04-15
Posts: 1,233

Re: [SOLVED] SSH Log check script, what am i doing wrong?

Try something like this instead:

grep -vP "(home\.ip\.goes\.here|work\.ip\.goes\.here)" /path/to/log/file

Then awk out what you want?


archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson


#3 2009-01-13 15:44:11

pointone
Wiki Admin
From: Waterloo, ON
Registered: 2008-02-21
Posts: 379

Re: [SOLVED] SSH Log check script, what am i doing wrong?

Here's a hint: logip="216.204.172.218\n216.204.172.218\n216.204.172.218..."

Dude, that's one big string!


M*cr*s*ft: Who needs quality when you have marketing?


#4 2009-01-13 16:19:27

brisbin33
Member
From: boston, ma
Registered: 2008-07-24
Posts: 1,796

Re: [SOLVED] SSH Log check script, what am i doing wrong?

pointone,

yes, you're exactly right, i was thinking one grepped line at a time, not the whole string... that'll require a rewrite ;)

rson,

grep -vP and awk should do what i want w/o any scripting required... think i'd learn by now, RTFM right?


#5 2009-01-13 16:21:15

rson451
Member
From: Annapolis, MD USA
Registered: 2007-04-15
Posts: 1,233

Re: [SOLVED] SSH Log check script, what am i doing wrong?

:)


archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson
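
Added example, not part of the original thread: a per-line version of the check discussed above. It compares the source IP field exactly against an allow-list and only counts lines where the word after the sshd tag is Accepted, so a login attempt for a user literally named "Accepted" is not mistaken for a successful login. The function names, the host name, the PIDs and the address 203.0.113.7 in the sample lines are constructed, and the field positions assume the syslog sshd line layout implied by the thread's `$11`.

```bash
#!/bin/bash
# Added example, not code from the thread.

# external_logins LOGFILE ALLOWED_IP...
# Prints "Mon DD IP" for each accepted SSH login from an IP not on the allow-list.
external_logins() {
  local logfile=$1
  shift
  # The allow-list is passed as one space-separated string and turned into a set.
  awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Assumed layout: Mon DD HH:MM:SS host sshd[pid]: Accepted <method> for <user> from <ip> ...
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $10 == "from" && !($11 in ok) {
      print $1, $2, $11   # each line is tested on its own, with exact string equality
    }
  ' "$logfile"
}

# Constructed sample log lines (host name, PIDs and 203.0.113.7 are made up).
sample_log() {
  cat <<'EOF'
Jan 13 09:01:02 box sshd[2101]: Accepted publickey for patrick from 216.204.172.218 port 50122 ssh2
Jan 13 09:05:40 box sshd[2130]: Failed password for invalid user Accepted from 203.0.113.7 port 40110 ssh2
Jan 13 11:17:09 box sshd[2188]: Accepted password for patrick from 203.0.113.7 port 40155 ssh2
Jan 13 12:30:00 box sshd[2240]: Accepted publickey for patrick from 209.94.131.65 port 51900 ssh2
Jan 13 13:02:44 box sshd[2302]: Accepted password for patrick from 192.168.0.7 port 33012 ssh2
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
external_logins "$tmp" 209.94.131.65 216.204.172.218
rm -f "$tmp"
```

Redirect the function's output with `>>` to keep a dated log of logins from unexpected addresses.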
