03-30-2017
Quote: Originally Posted by vgplayer54
Sorry for not being overly clear - what I am attempting to do is run traffic through my network on a variety of different ports (i.e. HTTP traffic on port 80, SMTP on port 143, MySQL on port 1306, etc.). Then, I will be asked a variety of questions including as an example: "Show me all MySQL traffic that went through your network on March 27 between 12:30pm and 12:35pm". This is what I need the script to do: I enter the name of the script on the command line followed by variables that specify the requested information. (i.e. myscript Mar 27 12:30:00 12:35:00 port=1306) and it will display all MySQL traffic on that date between those times from the /var/log/messages file. Will the above posted script be able to do this? I am... not very good at scripting awk, not sure where to use that or how to make it work for port numbers.
Also you mentioned the INPUT-DROPPED and FORWARD-ACCEPTED before from my first script, those are just chains within my iptables. I do not think they should be related to the script as it would be locating all network traffic, both dropped and accepted.
I don't care whether or not you know awk (although I would hope that you are making an attempt to learn how to use it if you want to process the types of data you're asking us to help you learn how to handle). But, I do expect you to be able to answer questions about your data and I expect you to be able to describe how you want to process your data.
- Given your data (which you provided in post #4 in this thread), please show us where the port number you want to use to select records is located within those records.
- If you want to select records based on chains, please explain how a chain is identified in your data.
- The code you showed us used case-insensitive searches, but there doesn't seem to be any inconsistency in case in your data. Do you need case-insensitive search capabilities?
- When you pass search criteria to your script, do you expect the script to treat those criteria as regular expressions or as fixed strings?
I can almost write awk scripts in my sleep, but I can't write a script to process data in any language if I don't understand what it is that I'm trying to do.
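Added example (not part of either post, and not code from this thread): one way to do the selection described in the quoted request, with the questions above answered by assumption. It assumes the usual syslog layout `Mon DD HH:MM:SS host kernel: ...` with the kernel's `DPT=<port>` field, fixed-string case-sensitive matching, and chain names used as `--log-prefix` values; the function name `fw_filter` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: filter iptables LOG records by date, time window and destination port.
# Assumed record layout (the real data is not shown on this page):
#   "Mon DD HH:MM:SS host kernel: <prefix> ... DPT=<port>"

# usage: fw_filter MON DAY START END port=N [FILE]   (FILE "-" reads stdin)
fw_filter() {
    awk -v mon="$1" -v day="$2" -v start="$3" -v end="$4" -v port="${5#port=}" '
        # syslog pads single-digit days with a space, so compare days numerically
        $1 != mon || $2 + 0 != day + 0 { next }
        # zero-padded HH:MM:SS orders correctly as a string; bounds are inclusive
        $3 < start || $3 > end { next }
        {
            # whole-field, fixed-string match: port 1306 must not match DPT=13060
            for (i = 4; i <= NF; i++)
                if ($i == ("DPT=" port)) { print; next }
        }
    ' "${6:-/var/log/messages}"
}

# Constructed sample records (not the poster's data).
sample_log() {
    cat <<'EOF'
Mar 27 12:29:59 gw kernel: FORWARD-ACCEPTED IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40112 DPT=1306
Mar 27 12:30:00 gw kernel: FORWARD-ACCEPTED IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40113 DPT=1306
Mar 27 12:31:10 gw kernel: FORWARD-ACCEPTED IN=eth0 OUT=eth1 SRC=10.0.0.7 DST=10.0.1.2 PROTO=TCP SPT=51000 DPT=80
Mar 27 12:32:45 gw kernel: INPUT-DROPPED IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.1 PROTO=TCP SPT=60321 DPT=1306
Mar 27 12:33:00 gw kernel: INPUT-DROPPED IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.1 PROTO=TCP SPT=60322 DPT=13060
Mar 27 12:35:01 gw kernel: FORWARD-ACCEPTED IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40114 DPT=1306
Mar 28 12:31:00 gw kernel: FORWARD-ACCEPTED IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=10.0.1.9 PROTO=TCP SPT=40115 DPT=1306
EOF
}
```

Called as `fw_filter Mar 27 12:30:00 12:35:00 port=1306`, it prints both accepted and dropped records, because it matches on the port field rather than on the chain prefix.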