Results 1 to 2 of 2

Thread: Parse messages.....

Hybrid View

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Question Parse messages.....

    This questions is so simple its annoying me. Its more Linux related.

    Im looking at my linux message log and am seeing a lot of data....Im trying to find hacking attempts on my webserver, syslog is logging a lot of data and that's the only logging i can get.

    I get a entry like this:

    Apr 15 18:12:05 MJOLNIR user.warn kernel: ACCEPT IN=vlan1 OUT= MAC=00:13:10:41:5d:XX:00:0b:23:5e:d0:e5:08:00:45:0 0:00:XX SRC=x.x.x.x DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=30866 DF PROTO=TCP SPT=2028 DPT=80 SEQ=3679582193 ACK=0 WINDOW=64512 RES=0
    I would like set up some type of mask for all my syslogs with this format:

    Incoming Logs:
    1. Apr 15 18:12:05 SRC=x.x.x.x DST=x.x.x.x Port: 80 ACCEPT
    Also a way to filter out doubles.

    I know I can use grep and sed but...I just cant get the syntax right. Anyone done/doing something like this?
    QUOTE=cybrsnpr;118082]I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Have you tried your google'fu out on this? I find it hard to believe that you're the first person that's ever wanted to parse message logs like that.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •