Extract specific parts of Linux reverse references

Asked 2 years ago, Updated 2 years ago, 42 views

Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2

Extract only IP from there and the result is

3 10.211.55.18

I want the numbers to come out in the front and the extraction to come out in the back, but the whole line keeps coming out.

The code I wrote is as follows.

sed -n "/$SED_FAIL from\(.*\)/\1/p" abc.log | sort | uniq -c | sort -nr

How do I change here to get that result? Please edit it...

For reference, the $SED_FAIL variable has "Failed password for user1".

linux

2022-09-20 19:49

1 Answer

Please refer to the following.

allinux@kaggle:~/workspace/projects/shellscript/ex01$ cat a.log
Oct 8 21:40:00 cent unix_chkpwd[1480]: password check failed for user (user1)
Oct 8 21:40:00 cent sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.221.55.2 user=user1
Oct 8 21:40:02 cent sshd[1478]: Failed password for user1 from 10.211.55.2 port 53639 ssh2
Oct 8 21:40:05 cent sshd[1479]: Connection closed by 10.211.55.2
Oct 8 21:40:08 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:12 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:32 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:37 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:46 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:49 cent sshd[1479]: Connection closed by 10.211.55.21
Oct 8 21:40:52 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:55 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:41:02 cent sshd[1479]: Connection closed by 10.211.55.18
allinux@kaggle:~/workspace/projects/shellscript/ex01$ sed -nr 's/.*from ([^ ]+).*/\1/p' a.log | sort | uniq -c
      5 10.211.55.18
      1 10.211.55.2
      3 10.211.55.21


2022-09-20 19:49
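An added example, not part of the question or the answer above: a shell function that keeps only sshd "Failed password" records for one named user and prints the count first, then the IP, highest count first. The names `count_failed_ips` and `sample_log` are hypothetical, the log lines are constructed in the format of the `a.log` shown above, and a `sed` that supports `-E` is assumed.

```shell
#!/bin/sh
# Count failed SSH password attempts per source IP for one user.
# Usage: count_failed_ips USER [LOGFILE]   (reads stdin when no file is given)
count_failed_ips() {
    user=$1
    shift
    # Escape regex metacharacters so the user name is matched literally.
    user_re=$(printf '%s' "$user" | sed 's,[][\.*^$+?(){}|/],\\&,g')
    # Anchor on the fixed tail " from <ip> port <n> ssh2" at end of line, so
    # only "Failed password" records for this user match and only the address
    # field is kept (lines for other users or "Accepted" logins are skipped).
    sed -nE "s/.* sshd\[[0-9]+\]: Failed password for ${user_re} from ([^ ]+) port [0-9]+ ssh2\$/\1/p" "$@" |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'   # normalise uniq's padding to "count ip"
}

# Constructed sample input (not real log data), same layout as a.log above.
sample_log() {
    cat <<'EOF'
Oct 8 21:40:00 cent sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.211.55.2 user=user1
Oct 8 21:40:02 cent sshd[1478]: Failed password for user1 from 10.211.55.2 port 53639 ssh2
Oct 8 21:40:05 cent sshd[1479]: Connection closed by 10.211.55.2
Oct 8 21:40:08 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:12 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:32 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:37 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:40 cent sshd[1481]: Failed password for user2 from 10.211.55.30 port 40100 ssh2
Oct 8 21:40:44 cent sshd[1482]: Accepted password for user1 from 10.211.55.40 port 40200 ssh2
EOF
}

# Stand-alone run on the constructed sample.
sample_log | count_failed_ips user1
```

With a real file, pass it as the second argument, for example `count_failed_ips user1 abc.log`.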
