又來請教egrep+awk 分析資料了 - Linux
By Charlie
at 2008-05-16T22:03
at 2008-05-16T22:03
Table of Contents
[ /var/log/sudo的內容 ]
May 15 16:10:32 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
May 16 16:29:55 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
[Script的內容] ~不知道要修改 哪裡,才能使 原始資料列 不要一起印出來
#!/bin/bash
################################################################################
# Purpose : To generate the sudo report
################################################################################
YR=`date +%Y`
PATH=$PATH:/usr/sbin:/bin
if [ ! -d /var/log/aig_maintain ] ;then
mkdir -p /var/log/aig_maintain
fi
FILE-1=/var/log/aig_maintain/sa.txt
LOG_DATE=`date '+%b %e'`
sudo_file='/var/log/sudo'
echo -e "<<< SECURITY ADMIN ACTIVITIES REPORT >>>" > $FILE-1
egrep 'useradd|userdel|usermod' /var/log/sudo|grep "^$LOG_DATE" |while read
line;do
echo -e "`echo $line |awk '"date +%Y" | getline YR; {print
$3,$2,$1,YR,$6 }'`\t`echo $line|cut -d= -f4|cut -d\; -f1`\t`echo $line|cut
-d= -f5`" >> $FILE-1
done
echo -e "<<< End of Security Admin Activities Report >>>\n" >> $FILE-1
chmod 644 $FILE-1
[script產生的結果(原始資料也一起出現)]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c Peter
Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/userdel kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
[實際想要的結果]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
--
May 15 16:10:32 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
May 16 16:29:55 Machine-LAB sudo: root : TTY=pts/0 ; PWD=/root ;
USER=root ; COMMAND=/bin/cat /etc/passwd
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
[Script的內容] ~不知道要修改 哪裡,才能使 原始資料列 不要一起印出來
#!/bin/bash
################################################################################
# Purpose : To generate the sudo report
################################################################################
YR=`date +%Y`
PATH=$PATH:/usr/sbin:/bin
if [ ! -d /var/log/aig_maintain ] ;then
mkdir -p /var/log/aig_maintain
fi
FILE-1=/var/log/aig_maintain/sa.txt
LOG_DATE=`date '+%b %e'`
sudo_file='/var/log/sudo'
echo -e "<<< SECURITY ADMIN ACTIVITIES REPORT >>>" > $FILE-1
egrep 'useradd|userdel|usermod' /var/log/sudo|grep "^$LOG_DATE" |while read
line;do
echo -e "`echo $line |awk '"date +%Y" | getline YR; {print
$3,$2,$1,YR,$6 }'`\t`echo $line|cut -d= -f4|cut -d\; -f1`\t`echo $line|cut
-d= -f5`" >> $FILE-1
done
echo -e "<<< End of Security Admin Activities Report >>>\n" >> $FILE-1
chmod 644 $FILE-1
[script產生的結果(原始資料也一起出現)]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
May 16 14:20:02 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/userdel kacr111
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
May 16 16:39:21 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home/kacr999 ;
USER=root ; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c
Peter Liao -m kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:40:40 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/useradd -g 1001 -d /home/kacr111 -s /bin/csh -c Peter
Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
May 16 16:41:38 Machine-LAB sudo: kacr999 : TTY=pts/1 ; PWD=/home ; USER=root
; COMMAND=/usr/sbin/userdel kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
[實際想要的結果]
<<< SECURITY ADMIN ACTIVITIES REPORT >>>
14:20:02 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
16:39:21 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:40:40 16 May 2008 kacr999 root /usr/sbin/useradd -g 1001 -d /home/kacr111
-s /bin/csh -c Peter Liao -m kacr111
16:41:38 16 May 2008 kacr999 root /usr/sbin/userdel kacr111
<<< End of Security Admin Activities Report >>>
--
Tags:
Linux
All Comments
By Olga
at 2008-05-17T14:56
at 2008-05-17T14:56
By Michael
at 2008-05-17T16:04
at 2008-05-17T16:04
By Iris
at 2008-05-21T14:28
at 2008-05-21T14:28
By Odelette
at 2008-05-24T14:24
at 2008-05-24T14:24
By Ethan
at 2008-05-27T06:38
at 2008-05-27T06:38
By Elvira
at 2008-05-30T20:02
at 2008-05-30T20:02
By Wallis
at 2008-06-04T12:51
at 2008-06-04T12:51
By Edith
at 2008-06-07T19:03
at 2008-06-07T19:03
Related Posts
PPPoE Server的NAT設定
By Frederic
at 2008-05-16T22:02
at 2008-05-16T22:02
PPPoE Server的NAT設定
By Wallis
at 2008-05-16T20:54
at 2008-05-16T20:54
scim中的新酷音不能用鍵盤page up/pagedown
By Faithe
at 2008-05-16T18:44
at 2008-05-16T18:44
Ubuntu無線網路的怪問題
By Joe
at 2008-05-16T15:25
at 2008-05-16T15:25
kernel-headers
By Hazel
at 2008-05-16T14:02
at 2008-05-16T14:02