This question is so simple it's annoying me. It's more Linux related.
I'm looking at my Linux message log and am seeing a lot of data... I'm trying to find hacking attempts on my webserver; syslog is logging a lot of data and that's the only logging I can get.
I get an entry like this:

Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00:45:0 0:00:XX SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30866 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582193 ACK=0 WINDOW=64512 RES=0

I would like to set up some type of mask for all my syslogs with this format:

Incoming Logs:
1. Apr 15 18:12:05 SRC=x.x.x.x DST=x.x.x.x Port: 80 ACCEPT

Also a way to filter out doubles.
I know I can use grep and sed, but... I just can't get the syntax right. Anyone done/doing something like this?
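One way to do the reduce-and-dedupe the question asks for with awk, as an added example that is not from anyone in the thread; it assumes the netfilter syslog layout quoted above (month day time host facility kernel: VERDICT ... SRC= DST= ... DPT=) and runs on constructed sample lines:

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the netfilter syslog layout
# shown in the question; the log lines in sample_fw_log are constructed.

# Reduce each kernel netfilter line to the asked-for shape
#   <Mon DD HH:MM:SS> SRC=<ip> DST=<ip> Port: <dport> <ACCEPT|DROP|REJECT>
# and drop exact repeats while keeping first-seen order (same second, same
# endpoints, same port and verdict collapse to one line). Real use:
#   summarize_fw_log < /var/log/messages
summarize_fw_log() {
    awk '
    # only kernel lines that carry a verdict keyword and a SRC= field
    /kernel: .*(ACCEPT|DROP|REJECT)/ && /SRC=/ {
        ts = $1 " " $2 " " $3
        verdict = ""; src = ""; dst = ""; dpt = "-"   # "-" when no port (e.g. ICMP)
        for (i = 4; i <= NF; i++) {
            if ($i == "ACCEPT" || $i == "DROP" || $i == "REJECT") verdict = $i
            else if ($i ~ /^SRC=/) src = $i
            else if ($i ~ /^DST=/) dst = $i
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        line = ts " " src " " dst " Port: " dpt " " verdict
        if (!seen[line]++) print line   # filter doubles
    }'
}

# Constructed sample input: two repeats in one second, one ICMP drop without
# a port, and one non-firewall syslog line that must be ignored.
sample_fw_log() {
    cat <<'EOF'
Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30866 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582193 ACK=0 WINDOW=64512 RES=0
Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30867 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582194 ACK=0 WINDOW=64512 RES=0
Apr 15 18:12:06 MJOLNIR user.warn kernel: DROP IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0
Apr 15 18:12:07 MJOLNIR user.warn kernel: DROP IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=2 PROTO=ICMP TYPE=8 CODE=0
Apr 15 18:12:08 MJOLNIR daemon.info dhcpd: DHCPACK on 192.0.2.55 to 00:11:22:33:44:55
EOF
}

sample_fw_log | summarize_fw_log
```

The two ACCEPT lines in the same second collapse to one summary line, the ICMP drop gets "Port: -" because it has no DPT field, and the dhcpd line is ignored.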
Quote (cybrsnpr): I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!
Have you tried your google-fu out on this? I find it hard to believe that you're the first person that's ever wanted to parse message logs like that.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.