Sanitizing a column

[segment]

Alright all. (greets for the week). I have a question on sanitizing...

I have the following script looking at /var/log/secure (sometimes /var/log/authlog)

awk '!/invalid user/&&!/#/&& /\./&& !a[$0]++
{print "iptables -A INPUT -s "$13" -i eth0 -d eth0 -p TCP --dport 22 -j REJECT"}' /var/log/secure |\
awk '/iptables/ && !/#/ && !/-s -i/'|\
grep -E '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}'|sh

It looks for an offending address, then creates an iptables rule from the 13th column of the file. I'd like to be able to somehow get my grep -E '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}' to check the output of the 13th column in awk and SOLELY parse out IP addresses. Any thoughts?


perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'

 

[segment]

Simplified question...

echo "Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227"|awk '{print $10}'

What if something other than an address was in the tenth field. How can I check and ignore it?

Say ... Print 10 only if the word from is in column $9 and the words Illegal user are on columns $5 and $6

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'

 

[feherke]

Hi

Say ... Print 10 only if the word from is in column $9 and the words Illegal user are on columns $5 and $6

awk '($5=="Illegal"||$6=="Illegal")&&$9=="from"{print $10}' /input/file

Feherke.

http://rootshell.be/~feherke/

 

[segment]

Thanks feherke, one last question, the tenth column is the last column on the line, is there any setting to specify, if columns are longer then 10 ignore the line entirely?

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'

 

[Annihilannic]

awk 'NF<=10&&($5=="Illegal"||$6=="Illegal")&&$9=="from"{print $10}' /input/file

Annihilannic.