Extract IP addresses


 
# 1  
Old 03-24-2009
Extract IP addresses

The only way I could extract the user names and 'from' IP addresses is to use a few temp files, split up by 'Failed keyboard-interactive' and 'Failed password'.

Does anyone have any idea how to do this all in one go?

Code:
aaa.bbb.ccc.ddd   2009-03-23 01:28:33     sshd[16272]: Failed keyboard-interactive/pam for invalid user jkljlkjlj from 111.222.333.444 port 52095 ssh2
aaa.bbb.ccc.ddd  2009-03-23 03:33:10     sshd[16648]: Failed password for invalid user oracle from 222.333.444.555 port 29093 ssh2
aaa.bbb.ccc.ddd   2009-03-23 05:23:53     sshd[17589]: Failed password for root from 333.444.555.666 port 59095 ssh2

Ideally, I am looking at the following columns:

Timestamp UserName SourceIP

From both of these 2 types of authentication log entries.
# 2  
Old 03-24-2009
Code:
$ cat bla.log
aaa.bbb.ccc.ddd   2009-03-23 01:28:33     sshd[16272]: Failed keyboard-interactive/pam for invalid user jkljlkjlj from 111.222.333.444 port 52095 ssh2
aaa.bbb.ccc.ddd  2009-03-23 03:33:10     sshd[16648]: Failed password for invalid user oracle from 222.333.444.555 port 29093 ssh2
aaa.bbb.ccc.ddd   2009-03-23 05:23:53     sshd[17589]: Failed password for root from 333.444.555.666 port 59095 ssh2
$
$ perl -pe 's/.*\s(\d{4}-\d{2}-\d{2} .*?)\s.*(user|for) (.*?) from (.*?) .*/$1 $3 $4/' bla.log
2009-03-23 01:28:33 jkljlkjlj 111.222.333.444
2009-03-23 03:33:10 oracle 222.333.444.555
2009-03-23 05:23:53 root 333.444.555.666
$
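
Added example (not part of the original posts): a one-pass `sed` extraction for the log layout shown in this thread, anchored at both ends of the line. The user name in these entries is supplied by the connecting client, so a pattern that stops at the first " from " can report an address embedded in the name instead of the one sshd recorded. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: "Timestamp UserName SourceIP" from failed sshd logins,
# both 'Failed password' and 'Failed keyboard-interactive/pam', in one pass.

# Constructed sample input (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
host1   2009-03-23 01:28:33     sshd[16272]: Failed keyboard-interactive/pam for invalid user jkljlkjlj from 192.0.2.10 port 52095 ssh2
host1  2009-03-23 03:33:10     sshd[16648]: Failed password for invalid user oracle from 198.51.100.7 port 29093 ssh2
host1   2009-03-23 05:23:53     sshd[17589]: Failed password for root from 203.0.113.5 port 59095 ssh2
host1   2009-03-23 05:24:10     sshd[17590]: Failed password for invalid user root from 10.0.0.1 from 203.0.113.5 port 59096 ssh2
host1   2009-03-23 05:25:00     sshd[17591]: Accepted password for alice from 192.0.2.44 port 40000 ssh2
EOF
}

# Prints tab-separated: timestamp, user name, source address.
# Reads the files given as arguments, or stdin when there are none.
extract_failed_logins() {
    tab=$(printf '\t')
    ts='[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}'
    # Start anchor: host field, timestamp, sshd[pid], any "Failed <method> for".
    pre="^[^[:space:]]+[[:space:]]+(${ts})[[:space:]]+sshd\[[0-9]+\]: Failed [^[:space:]]+ for "
    # End anchor: the suffix sshd writes itself. Everything between the two
    # anchors is the user name, even if it contains " from ".
    post=' from ([^[:space:]]+) port [0-9]+ ssh2$'
    sed -nE "s/${pre}(invalid user )?(.*)${post}/\1${tab}\3${tab}\4/p" "$@"
}

sample_log | extract_failed_logins
```

Tab is used as the output separator because a user name may contain spaces; lines that are not failed logins (the `Accepted` entry) are dropped.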

# 3  
Old 03-24-2009
Awesome, thanks.