nixCraft
Linux / UNIX Tech Support Forum
Locating string/s in a log file
This is a discussion on Locating string/s in a log file within the Shell scripting forums, part of the Development/Scripting category; Hi, Below is an excerpt of an ossec log file. What I wanted to do is to locate/search a users ...
|
|||||||
| Shell scripting You can discuss the shell scripting, request shell scripts and scripting techniques |
 |
|
|
LinkBack | Thread Tools | Display Modes |
21-05-2009, 12:13 PM
|
|||
|
|||
Locating string/s in a log file
Hi,
Below is an excerpt of an ossec log file. What I wanted to do is to locate/search a users time of log on by: 1. searching the user's uname in the line with "Successful Network Logon" 2. getting the line with the date/time "2009 May 21 09:00:54" just before the line where #1 was retrieved. Hoping you could help me on this  ------------------------------------------------------------------------- Code:
** Alert 1242867654.171407408: - windows,authentication_success, 2009 May 21 09:00:54 (dc1) 10.11.20.4->WinEvtLog Rule: 18107 (level 3) -> 'Windows Logon Success.' Src IP: (none) User: hostname WinEvtLog: Security: AUDIT_SUCCESS(540): Security: hostname: PSB: dc1: Successful Network Logon: User Name: hostname ** Alert 1242867656.171408138: - windows, 2009 May 21 09:00:56 (filesvr) 10.11.40.108->WinEvtLog Rule: 18149 (level 3) -> 'Windows User Logoff.' Src IP: (none) User: testuser01 WinEvtLog: Security: AUDIT_SUCCESS(538): Security: testuser01: PSB: FILESVR: User Logoff: User Name: testuser ** Alert 1242867657.171408505: - windows,authentication_success, 2009 May 21 09:00:57 (ftpsvr) 10.11.40.24->WinEvtLog Rule: 18107 (level 3) -> 'Windows Logon Success.' Src IP: (none) User: testuser02 WinEvtLog: Security: AUDIT_SUCCESS(540): Security: ftpsvr: ftpsr: svr01: Successful Network Logon: User Name: ftpsvr ** Alert 1242867658.171408999: - windows, 2009 May 21 09:00:58 (mailsvr) 10.11.41.70->WinEvtLog Rule: 18149 (level 3) -> 'Windows User Logoff.' Src IP: (none) User: testuser03 WinEvtLog: Security: AUDIT_SUCCESS(538): Security: testuser03: PSB: mailsvr: User Logoff: User Name: testuser03 Last edited by nixcraft; 22-05-2009 at 02:23 AM. 
|
| Sponsored Links | ||
|
|
|
22-05-2009, 12:49 AM
|
|||
|
|||
|
Code:
awk -v name=hostname 'BEGIN {
FS = "\n" ; RS = ""
str = name ".*Successful Network Logon"
}
$0 ~ str {
print $2
}'
|
|
11-06-2009, 01:24 PM
|
|||
|
|||
|
Quote:
Thanks.
|
|
| Tags |
| awk , awk select lines , shell scripting |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| String manipulation | Gideon | Shell scripting | 19 | 31-05-2009 01:50 AM |
| Shell Script for Searching a String | vivekv | Shell scripting | 7 | 10-03-2009 03:18 AM |
| split files by specifying a string (bash shell) | vikas027 | Shell scripting | 4 | 01-11-2007 04:22 PM |
| linux command search server for string | chimu | Linux software | 2 | 26-07-2006 12:40 AM |
| example for string connect to a command. | ryan | Shell scripting | 2 | 22-02-2005 01:05 PM |
All times are GMT +5.5. The time now is 02:26 AM.
