This question is so simple it's annoying me. It's more Linux related.
I'm looking at my Linux message log and am seeing a lot of data. I'm trying to find hacking attempts on my webserver; syslog is logging a lot of data and that's the only logging I can get.
I get an entry like this:
Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00:45:00:00:XX SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30866 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582193 ACK=0 WINDOW=64512 RES=0
I would like to set up some type of mask for all my syslogs with this format:
Also a way to filter out doubles.
Incoming Logs:
1. Apr 15 18:12:05 SRC=x.x.x.x DST=x.x.x.x Port: 80 ACCEPT
I know I can use grep and sed, but I just can't get the syntax right. Anyone done/doing something like this?
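One way to get from the kernel/iptables line in the post to the shortened "SRC= DST= Port: ACTION" format, plus a duplicate filter, as an added example (not from the post or any project). It assumes the layout shown above: a syslog timestamp, then `kernel: ` followed by the firewall chain's log prefix (`ACCEPT`, `DROP`, etc.) in capitals, then the `SRC=`, `DST=` and `DPT=` fields. Lines without a `DPT=` (ICMP, unrelated kernel messages) are skipped. The sample log lines are constructed with documentation addresses in place of the post's `x.x.x.x`. Extraction is done with `sed` as the post asks; the "doubles" filter uses `awk`, because two hits from the same source a second apart differ in their timestamp, so `sort -u` alone would not collapse them.

```shell
#!/bin/sh
# Added example: summarise iptables-style syslog lines and drop repeats.
# Assumptions: syslog timestamp first, "kernel: <PREFIX> ... SRC=... DST=... DPT=..."

# Constructed sample log (not real traffic; RFC 5737 documentation addresses).
sample_log() {
    cat <<'EOF'
Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:aa:00:0b:23:5e:d0:e5:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30866 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582193 ACK=0 WINDOW=64512 RES=0
Apr 15 18:12:06 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:aa:00:0b:23:5e:d0:e5:08:00 SRC=203.0.113.10 DST=192.0.2.5 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30867 DF PROTO=TCP SPT=2029 DPT=80 SEQ=3679582200 ACK=0 WINDOW=64512 RES=0
Apr 15 18:12:09 MJOLNIR user.warn kernel: DROP IN=vlan1 OUT= MAC=00:13:10:41:5d:aa:00:0b:23:5e:d0:e5:08:00 SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=44444 DPT=22 SEQ=1 ACK=0 WINDOW=1024 RES=0
Apr 15 18:12:10 MJOLNIR user.warn kernel: DROP IN=vlan1 OUT= MAC=00:13:10:41:5d:aa:00:0b:23:5e:d0:e5:08:00 SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=2 DF PROTO=UDP SPT=44444 DPT=53 LEN=20
Apr 15 18:12:11 MJOLNIR user.info kernel: some unrelated kernel message
EOF
}

# Reads syslog text on stdin, prints one line per firewall hit in the post's
# target format: "<timestamp> SRC=<ip> DST=<ip> Port: <dport> <ACTION>".
# \1 timestamp, \2 log prefix (action), \3 SRC, \4 DST, \5 DPT.
fw_extract() {
    sed -n 's/^\([A-Z][a-z][a-z] \{1,2\}[0-9]\{1,2\} [0-9:]\{8\}\) .*kernel: \([A-Z]*\) .*SRC=\([^ ]*\) .*DST=\([^ ]*\) .*DPT=\([0-9]*\).*/\1 SRC=\3 DST=\4 Port: \5 \2/p'
}

# Same, but collapse "doubles": repeated (SRC, DST, port, action) tuples are
# printed once, keeping the first timestamp seen. Fields after extraction:
# $4=SRC $5=DST $7=port $8=action (the timestamp is $1..$3 and is ignored).
fw_summary() {
    fw_extract | awk '!seen[$4, $5, $7, $8]++'
}

# Hit counts per source and action, handy for spotting a host that keeps
# probing: "<ip> <ACTION> <count>", sorted so the output is deterministic.
fw_hits_per_source() {
    fw_extract | awk '{ sub(/^SRC=/, "", $4); c[$4 " " $8]++ }
                      END { for (k in c) print k, c[k] }' | sort
}

# Stand-alone run: summarise the constructed sample. Replace sample_log with
# e.g. "cat /var/log/messages" for a real file.
sample_log | fw_summary
sample_log | fw_hits_per_source
```

The `sed` expression keys on field names, not positions, so the `MAC=` and `LEN=` fields can vary between lines without breaking the match. The dedupe key deliberately leaves the timestamp out; if you want to keep per-minute detail instead, add `substr($3, 1, 5)` (HH:MM) to the `awk` key.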