Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

script to alert for repeated occurrence.

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting script to alert for repeated occurrence.
# 1  
Old 12-20-2010
script to alert for repeated occurrence.
Hi,

I would like to monitor the log, and if the user is appearing for more than threshold, then it should alert me.

-- log --
Code:
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=
+acp100,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"

what i want is that script should pull user out each user and obtain the number occurence, and then alert in case it is over the threshold.

Please help me or provide me in case someone already has a script, and then i'll have my team further work on it.

Thanks in Advance.

- John
Last edited by Scott; 12-20-2010 at 01:52 PM.. Reason: Code tags
# 2  
Old 12-20-2010
Pls elaborate a bit more. What do you mean by user here.
Are you looking for looking for dc=<some_value> count? Like in above this count is 3 (dc=abc,dc=xxx,dc=com)
OR something else
# 3  
Old 12-20-2010
Hi,

The idea is to search for any user, acp100 can be any random user, but the line would be similar as you stated. So, we need to get the user first, and then search for occurrence within the file. Also, the file gets rotated, so we can run the script number of times.

Please let me know if you need any additional details.

Thanks, John.
# 4  
Old 12-20-2010
assuming uid=<user_value> is in same line.
Here following, $thresold is thresold value (If constant, relace this with that constant value)
Code:
 
sed 's/.*uid=//g' inputFile | awk -F, -v th=$thresold '{a[$1]++}END{for(i in a) if(a[i] > th) print "user",i,"has crossed the thresold limit",th}'

In case of multiple files, above command can be run over file list in a loop
Code:
ls | while read inputFile; do
    sed 's/.*uid=//g' $inputFile | awk -F, -v th=$thresold '{a[$1]++}END{for(i in a) if(a[i] > th) print "user",i,"has crossed the thresold limit",th}'
done

For input
Code:
 
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=acp100,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=acp100,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=acp100,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=acp101,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"
[20/Dec/2010:09:41:15 -0500] conn=867199 op=17 msgId=21 - MOD dn="uid=acp101,ou=internal,ou=People1,dc=abc,dc=xxx,dc=com"

Output will be (If $thresold is 3)
Code:
 
user acp100 has crossed the thresold limit 3

For $thresold 1, output will be
Code:
 
user acp100 has crossed the thresold limit 1
user acp101 has crossed the thresold limit 1

# 5  
Old 12-20-2010
Code:
nawk -F'(uid=)|[,]' '{u[$2]++}END{for(i in u) if(u[i]>thr) print "user",i,"has crossed ["u[i]"] the thresold limit ",thr}' thr=2 myLogFile

# 6  
Old 12-20-2010
Thanks Santosh.

I tried running the below command, but getting below error as specified. Do you think i should put it into a script, and then run it. I checked and the server has awk utility.
Code:
bash-2.05$ sed 's/.*uid=//g' access | awk -F, -v th=$thresold '{a[$1]++}END{for(i in a) if(a[i] > th) print "user",i,"has crossed the thresold limit",th}'
awk: syntax error near line 1
awk: bailing out near line 1

- John.
Last edited by Scott; 12-20-2010 at 01:52 PM.. Reason: Code tags
# 7  
Old 12-20-2010
Use nawk instead of awk script.
Code:
 
sed 's/.*uid=//g' inputFile | nawk -F, -v th=$thresold '{a[$1]++}END{for(i in a) if(a[i] > th) print "user",i,"has crossed the thresold limit",th}'

OR Better use vgersh99's soln. That's simpler.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Cybersecurity

**ALERT**ALERT* Whats app requesting users to upgrade to latest version as; its vulnerability found.

Hello All, Want to share here an article for Whats app users that team whats app is requesting users to upgrade to its latest version since they have found a vulnerability; where Hacker could turn on a cell's camera, mic and scan messages and emails. Here is an article from "THE VERGE" for... (1 Reply)
Discussion started by: RavinderSingh13
1 Replies

2. Shell Programming and Scripting

sed print from last occurrence match until the end of last occurrence match

Hi, i have file file.txt with data like: START 03:11:30 a 03:11:40 b END START 03:13:30 eee 03:13:35 fff END jjjjjjjjjjjjjjjjjjjjj START 03:14:30 eee 03:15:30 fff END ggggggggggg iiiiiiiiiiiiiiiiiiiiiiiii I want the below output START (13 Replies)
Discussion started by: Jyotshna
13 Replies

3. UNIX for Beginners Questions & Answers

awk script to find repeated IP adress from trace file (.tr)

+ 8.00747 /NodeList/0/DeviceList/0/$ns3::PointToPointNetDevice/TxQueue/Enqueue ns3::PppHeader (Point-to-Point Protocol: IP (0x0021)) ns3::Ipv4Header (tos 0x0 DSCP Default ECN Not-ECT ttl 63 id 0 protocol 17 offset (bytes) 0 flags length: 540 10.1.3.3 > 10.1.2.4) ns3::UdpHeader (length: 520 49153 >... (11 Replies)
Discussion started by: Nipa
11 Replies

4. Shell Programming and Scripting

Substitute first occurrence of keyword if occurrence between two other keywords

Assume a string that contains one or multiple occurrences of three different keywords (abbreviated as "kw"). I would like to replace kw2 with some other string, say "qux". Specifically, I would like to replace that occurrence of kw2 that is the first one that is preceded by kw1 somewhere in the... (4 Replies)
Discussion started by: M Gruenstaeudl
4 Replies

5. Shell Programming and Scripting

Shell script for alert

Hi Experts, Im new in shell script , please help to achieve the below requirement, We have some replication setup in unix server, in that if there is any exception or error occurs immediately the rep_exception.log will have the exception detail, this log will be updated if any error occurs no... (8 Replies)
Discussion started by: pandiyan
8 Replies

6. Programming

Not a repeated question (Perl Script Create Football Formation)

https://www.unix.com/programming/252468-perl-script-create-football-formation.html https://www.unix.com/members/43551.html, it is not repeated question. please read it before u block my question. Unblock it for me. Thanks:mad: (0 Replies)
Discussion started by: Tzeronone
0 Replies

7. Shell Programming and Scripting

Find repeated word and take sum of the second field to it ,for all the repeated words in awk

Hi below is the input file, i need to find repeated words and sum up the values of it which is second field from the repeated work.Im trying but getting no where close to it.Kindly give me a hint on how to go about it Input fruits,apple,20,fruits,mango,20,veg,carrot,12,veg,raddish,30... (11 Replies)
Discussion started by: 100bees
11 Replies

8. Shell Programming and Scripting

How do I put data piped to my script into an array for repeated processing

Hi folks, Sorry for something I'm sure was answered already, I just could not find it in a search of the forums. I am trying to build a script that eats a config file as: cat file.cnf | ConProcess.shWhat I want to do inside the script is: !#/usr/bin/bash # captured piped cat into an... (6 Replies)
Discussion started by: Marc G
6 Replies

9. Shell Programming and Scripting

Script - Filter data - repeated loop - Help needed...

Dear Friend, I need a help for the below problem.. Can anyone suggest me to do... Input file data: rule { name=mainrule filt=pos loc { x=right + 660 y=top - 3100 } object_kind= DRAW ... (15 Replies)
Discussion started by: vasanth_vadalur
15 Replies

10. Shell Programming and Scripting

Email alert script

I need to code a script, which will run via cron, every 30 minutes. The script will read a file containing a date&time and number (which represents disk space). The file gets appended to every 30 minutes. Here's a sample of the file: CPU 1:04/25/02 1:00 am:1972554 CPU 1:04/25/02 1:30... (1 Reply)
Discussion started by: moon
1 Replies
Login or Register to Ask a Question