I am using Linux and trying to format logs. I have grepped for stuff like invalid users and/or error. However, the way the logs are formatted, sometimes the full error is not on the line, i.e. it is on the next line. If I grep something, like:
cat /var/spool/mail/* |grep -i session |awk '{print $5}'
The information I want is in the log on the next line. Is there a way to get the following lines anyone can think of? Thanks so much for your help in advance.
Henry
Illegal users from:
192.168.42.22 (impala.snas-net): 1 time
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user henry : 1 time(s)
If I cat for illegal, I don't find out where the 'illegal' is coming from because the actual IP is on the next line. Or the next line, where I grep for unmatched but don't get the user Henry.
I'm fairly new to scripting or not very knowledgeable at this time. Thanks.
---------- Post updated at 12:57 PM ---------- Previous update was at 12:50 PM ----------
Here is another sample of the log where I want to grab the second line following the line I grepped for.
I haven't been able to figure out how to insert a variable into the search field, or I'd provide that example... Here's something that will return the line that matches your search string AND the line that follows immediately afterward.
You might pass the log file in as an argument - so that it's not always checking the /var/spool/mail directory.
I'm getting there and I really appreciate everyone's help. Thank you all.
I tried Av's and Dan's code and they both worked. The last thing I tried was Dan's awk statement, which produced this after a bit of tweaking.
**Unmatched Entries** unix_chkpwd[8788]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[13474]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[13474]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[22256]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[8788]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[13474]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[13474]: password check failed for user (henry)
**Unmatched Entries** unix_chkpwd[22256]: password check failed for user (henry)
which is very good. It seems like it's looking for unmatched entries, I'm sure there's an easy way of looking for other items (multiple items) such as A or B or C. In my case it would be unmatched entries or Illegal users from? Thanks again, this has been great for me, I am finally learning how to script.
---------- Post updated at 09:56 AM ---------- Previous update was at 09:55 AM ----------
I am sorry, can you please explain this further?
You might pass the log file in as an argument - so that it's not always checking the /var/spool/mail directory.
I don't know how to pass the log file in as an argument.
Thanks.
Quote:
Originally Posted by avronius
I haven't been able to figure out how to insert a variable into the search field, or I'd provide that example... Here's something that will return the line that matches your search string AND the line that follows immediately afterward.
You might pass the log file in as an argument - so that it's not always checking the /var/spool/mail directory.
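What the thread asks for (the matching line plus the line after it, several search strings at once, and the log file passed in as an argument), as an added example that is not code posted by anyone in the thread. The function names, the constructed sample log and the choice of case-insensitive fixed-string matching (so the asterisks in `**Unmatched Entries**` are not treated as regex operators) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: match_with_next LOGFILE STRING [STRING ...]
# Prints each line containing any STRING (case-insensitive, literal text),
# joined with the line that follows it.

match_with_next() {
    logfile=$1
    shift
    # One search string per line. Passing them through the environment
    # avoids the backslash-escape processing that "awk -v" applies.
    PATTERNS=$(printf '%s\n' "$@") awk '
        BEGIN { n = split(tolower(ENVIRON["PATTERNS"]), pat, "\n") }
        {
            # The previous line matched: emit it together with this one.
            if (pending) { print held " " $0; pending = 0 }
            # This line may itself be a match, so always test it too.
            line = tolower($0)
            for (i = 1; i <= n; i++)
                if (pat[i] != "" && index(line, pat[i])) {
                    held = $0; pending = 1; break
                }
        }
        # A match on the very last line has no following line.
        END { if (pending) print held }
    ' "$logfile"
}

# Constructed sample, built from the log lines quoted in the thread.
sample_log() {
    cat <<'EOF'
Illegal users from:
192.168.42.22 (impala.snas-net): 1 time
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user henry : 1 time(s)
EOF
}

# When run as a script, the first argument is the log file and the rest
# are the search strings.
if [ "$#" -ge 2 ]; then
    match_with_next "$@"
fi
```

Saved under a name of your choosing, for example `nextline.sh`, it would be run as `sh nextline.sh LOGFILE 'illegal users from' 'unmatched entries'`, which is what passing the log file in as an argument means.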