리눅스 역참조 특정부분 추출
조회수 519회
Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
저기에서 IP만 추출해서 결과를
3 10.211.55.18
이런 식으로 앞에는 숫자가 나오고 뒤에 추출 내용이 나오게 하고 싶은데 계속 전체 행이 나오더라고요...
제가 작성한 코드는 아래와 같습니다.
sed -n "/$SED_FAIL from\(.*\)/\1/p" abc.log | sort | uniq -c | sort -nr
여기서 어떻게 바꿔야 저런 결과가 나오게 되는 건가요?? 수정 부탁드립니다...
참고로 $SED_FAIL 변수에는 "Failed password for user1"을 저장했습니다.
-
(•́ ✖ •̀)
알 수 없는 사용자
1 답변
-
아래 참고하세요.
allinux@kaggle:~/workspace/projects/shellscript/ex01$ cat a.log Oct 8 21:40:00 cent unix_chkpwd[1480]: password check failed for user (user1) Oct 8 21:40:00 cent sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.221.55.2 user=user1 Oct 8 21:40:02 cent sshd[1478]: Failed password for user1 from 10.211.55.2 port 53639 ssh2 Oct 8 21:40:05 cent sshd[1479]: Connection closed by 10.211.55.2 Oct 8 21:40:08 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2 Oct 8 21:40:12 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2 Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2 Oct 8 21:40:32 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2 Oct 8 21:40:37 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2 Oct 8 21:40:46 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2 Oct 8 21:40:49 cent sshd[1479]: Connection closed by 10.211.55.21 Oct 8 21:40:52 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2 Oct 8 21:40:55 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2 Oct 8 21:41:02 cent sshd[1479]: Connection closed by 10.211.55.18 allinux@kaggle:~/workspace/projects/shellscript/ex01$ sed -nr 's/.*from ([^ ]+).*/\1/p' a.log | sort | uniq -c 5 10.211.55.18 1 10.211.55.2 3 10.211.55.21
댓글 입력