Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sanitizing a column

Status
Not open for further replies.
segment

segment

ISP
Jun 15, 2004
225
0
0
US
Alright all. (greets for the week). I have a question on sanitizing...

I have the following script looking at /var/log/secure (sometimes /var/log/authlog)

awk '!/invalid user/&&!/#/&& /\./&& !a[$0]++
{print "iptables -A INPUT -s "$13" -i eth0 -d eth0 -p TCP --dport 22 -j REJECT"}' /var/log/secure |\
awk '/iptables/ && !/#/ && !/-s -i/'|\
grep -E '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}'|sh

It looks for an offending address, then creates an iptables rule from the 13th column of the file. I'd like to be able to somehow get my grep -E '(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[1-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])){3}' to check the output of the 13th column in awk and SOLELY parse out IP addresses. Any thoughts?


perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'
 
Sort by date Sort by votes
Simplified question...

echo "Nov 27 16:31:21 local sshd[67010]: Illegal user dd from 213.134.128.227"|awk '{print $10}'

What if something other than an address was in the tenth field. How can I check and ignore it?

Say ... Print 10 only if the word from is in column $9 and the words Illegal user are on columns $5 and $6

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'
 
Upvote 0 Downvote
Thanks feherke, one last question, the tenth column is the last column on the line, is there any setting to specify, if columns are longer then 10 ignore the line entirely?

perl -e 'print $i=pack(c5,(40*2),sqrt(7600),(unpack(c,Q)-3+1+3+3-7),oct(104),10,oct(101));'
 
Upvote 0 Downvote
Code: 
awk 'NF<=10&&($5=="Illegal"||$6=="Illegal")&&$9=="from"{print $10}' /input/file

Annihilannic.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

visitnag
  • Locked
  • Question
Hi I have a file with following
Replies
2
Views
80
visitnag
visitnag
johngiggs
  • Locked
  • Question
How do I print from a specific string to a new line with a matching pattern
Replies
3
Views
81
mikrom
mikrom
V_M
  • Locked
  • Question
Awk Command not able to read French/Spanish characters from a file
Replies
1
Views
63
mikrom
mikrom
darioit
  • Locked
  • Question
match two file passing input as parameter
Replies
1
Views
64
mikrom
mikrom
visitnag
  • Locked
  • Question
summing up column total and print it beside the last record.. 1
Replies
4
Views
60
visitnag
visitnag

Part and Inventory Search

Sponsor

Back
Top