Extract specific parts of Linux reverse references

Asked 2 years ago, Updated 2 years ago, 42 views 

Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2

Extract only IP from there and the result is

3 10.211.55.18

I want the numbers to come out in the front and the extraction to come out in the back, but the whole line keeps coming out.

The code I wrote is as follows.

sed -n "/$SED_FAIL from\(.*\)/\1/p" abc.log | sort | uniq -c | sort -nr

How do I change here to get that result? Please edit it...

For reference, the $SED_FAIL variable has "Failed password for user1".

linux

2022-09-20 19:49

1 Answers

Please refer to the following.

allinux@kaggle:~/workspace/projects/shellscript/ex01$ cat a.log
Oct 8 21:40:00 cent unix_chkpwd[1480]: password check failed for user (user1)
Oct 8 21:40:00 cent sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.221.55.2 user=user1
Oct 8 21:40:02 cent sshd[1478]: Failed password for user1 from 10.211.55.2 port 53639 ssh2
Oct 8 21:40:05 cent sshd[1479]: Connection closed by 10.211.55.2
Oct 8 21:40:08 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:12 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:19 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:32 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:37 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:46 cent sshd[1478]: Failed password for user1 from 10.211.55.21 port 53655 ssh2
Oct 8 21:40:49 cent sshd[1479]: Connection closed by 10.211.55.21
Oct 8 21:40:52 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:40:55 cent sshd[1478]: Failed password for user1 from 10.211.55.18 port 53619 ssh2
Oct 8 21:41:02 cent sshd[1479]: Connection closed by 10.211.55.18
allinux@kaggle:~/workspace/projects/shellscript/ex01$ sed -nr 's/.*from ([^ ]+).*/\1/p' a.log | sort | uniq -c
      5 10.211.55.18
      1 10.211.55.2
      3 10.211.55.21

2022-09-20 19:49

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

585 PHP ssh2_scp_send fails to send files as intended

577 Who developed the "avformat-59.dll" that comes with FFmpeg?

627 Uncaught (inpromise) Error on Electron: An object could not be cloned

620 GDB gets version error when attempting to debug with the Presense SDK (IDE)

925 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

© 2024 OneMinuteCode. All rights reserved.