Solved

Need a script to search in the logs

Posted on 2009-04-13
Last Modified: 2013-12-26
1. Search in the logs for the IP addresses
2. If found, take the 'connected' or 'disconnected' status
3. Create output <IP-Address> - <status>
Take care that the script is searching in all logs available when it is started the first time, because only connection status changes are written in these logs.
The following time the script should take the new logs and the last information written by the script to create a new status update.
The script should be started via crontab every 5 minutes
0
Question by:ratnaprasad123
11 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24135075
can you provide sample logs?
0
 

Author Comment

by:ratnaprasad123
ID: 24135110
Attaching the code here
0
 

Author Comment

by:ratnaprasad123
ID: 24135124
Attaching the log file
connection-ipdp01-0-63.log
0
 

Author Comment

by:ratnaprasad123
ID: 24135252
Hi, do you need any more info? Let me know.
0
 
LVL 84

Expert Comment

by:ozo
ID: 24135279
Do you want the IP address from the LOCL, REM, or ID column?
0
 

Author Comment

by:ratnaprasad123
ID: 24135350
Take it as LOCL.
Thanks,
0
 
LVL 84

Expert Comment

by:ozo
ID: 24135455
perl -ane '$i{$F[4]}=[@F[0,2]] unless $i{$F[4]} && $i{$F[4]}[0] gt $F[0]; END{print "$_ - $i{$_}[1]\n" for keys %i}' *.log
0
 

Author Comment

by:ratnaprasad123
ID: 24135509
Do you have any other way than Perl? Sorry, I am a little weak in Perl.
0
 
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 24135618
awk '{if( !t[$5]|| t[$5] < $1 ){ t[$5] = $1; s[$5]=$3 }}END{ for( i in s){ print i,"-",s[i]; }}' *.log
0
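
The question also asks that later runs combine the new logs with the status the script last wrote, which the one-liners in this thread do not store. A stateful variant follows as an added example (not code from the thread): the column positions are taken from the accepted awk answer, while the state file format, the `update_status` and `demo` names and the sample log lines are assumptions constructed here, and timestamps are assumed to sort correctly as strings.

```shell
#!/bin/sh
# Added example, not code from the thread. Column layout assumed from the
# accepted awk answer: $1 = timestamp, $3 = status, $5 = LOCL address.
# State file format "<ip> <timestamp> <status>" is an assumption of this example.

# update_status STATE_FILE [LOG...]: merge old state with the given logs,
# keep the newest record per IP, rewrite STATE_FILE, print "<ip> - <status>".
update_status() {
    state=$1; shift
    [ -f "$state" ] || : > "$state"
    tmp=$(mktemp "$state.XXXXXX") || return 1
    STATE="$state" awk '
        # Store a record only if it is newer than the one already held;
        # appending "" forces string comparison of the timestamps.
        function keep(ip, ts, st) {
            if (!(ip in t) || (t[ip] "") < (ts "")) { t[ip] = ts; s[ip] = st }
        }
        FILENAME == ENVIRON["STATE"] { if (NF == 3) keep($1, $2, $3); next }
        # Ignore short lines and any status other than the two expected values.
        NF >= 5 && ($3 == "connected" || $3 == "disconnected") { keep($5, $1, $3) }
        END { for (ip in s) print ip, t[ip], s[ip] }
    ' "$state" "$@" | sort > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$state"    # rename in the same directory: no partial state file
    awk '{ print $1, "-", $3 }' "$state"
}

# demo: two cron-style runs over constructed sample logs (not from the thread).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '2009-04-13T10:00:00 a connected b 10.0.0.1 c' \
        '2009-04-13T10:01:00 a connected b 10.0.0.2 c' > "$d/run1.log"
    printf '%s\n' \
        '2009-04-13T10:05:00 a disconnected b 10.0.0.1 c' \
        '2009-04-13T09:00:00 a disconnected b 10.0.0.2 c' \
        '2009-04-13T10:06:00 a <garbled> b 10.0.0.3 c' > "$d/run2.log"
    update_status "$d/state" "$d/run1.log" > /dev/null   # first run: all logs
    update_status "$d/state" "$d/run2.log"               # later run: new logs only
    rm -rf "$d"
}
```

Re-reading a log that was already processed is harmless, because an older record never replaces a newer one in the state file.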
