Re: lug-bg: tail -f | grep ... | cut ... | awk ...
- Subject: Re: lug-bg: tail -f | grep ... | cut ... | awk ...
- From: vlk@xxxxxxxxxxxxxxxxx (Vesselin Kolev)
- Date: Thu, 31 Jan 2002 18:54:32 +0200
Everything is fine, but it is not just a single line with an IP address that
gets spat into the prelude.log file; a whole block of lines is appended at the
end of the file, like this one:
*** Wed Jan 30 14:24:20 2002 - Wed Jan 30 14:24:23 2002
Plugin : HttpMod
Author : Yoann Vandoorselaere
Contact : yoann@xxxxxxxxxxxxxxxx
description : Snort based http decode plugin.
kind : May not be reliable
received : 6 times
message : ISS Unicode attack detected
Ether hdr : 0:40:95:34:40:8d -> 0:80:ad:b:b:4b [ether_type=ip (2048)]
Ip hdr : 62.158.170.2 -> 62.44.103.64
[hl=20,version=4,tos=22,len=185,id=12582,ttl=113]
Tcp hdr : 3678 -> 80 [flags=PUSH ACK
,seq=1232543859,ack=1830423927,win=9520]
Data hdr : size=145 bytes
Data hexadecimal dump follow :
47 45 54 20 2f 6d 73 61 64 63 2f 2e 2e 25 35 63 GET /msadc/..%5c
2e 2e 2f 2e 2e 25 35 63 2e 2e 2f 2e 2e 25 35 63 ../..%5c../..%5c
2f 2e 2e 35 35 2e 2e 2f 2e 2e 63 31 2e 2e 2f 2e /..55../..c1../.
2e 2f 2e 2e 2e 2f 77 69 6e 6e 74 2f 73 79 73 74 ./.../winnt/syst
65 6d 33 32 2f 63 6d 64 2e 65 78 65 3f 2f 63 2b em32/cmd.exe?/c+
64 69 72 20 48 54 54 50 2f 31 2e 30 0d 0a 48 6f dir HTTP/1.0..Ho
73 74 3a 20 77 77 77 0d 0a 43 6f 6e 6e 6e 65 63 st: www..Connnec
74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d 0a 6e tion: close....n
65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 0d ection: close...
0a .
This arrives all at once! I.e. the line starting with Ip hdr has to be
separated out of every newly appended block. This little Perl program will be
able to extract the IP address only if it is handed the corresponding line. I
just tried it. If it is only lines, there are no problems, but if it is not ... bad
On Thursday 31 January 2002 17:36, you wrote:
> On Thursday 31 January 2002 16:48, you wrote:
> > On Thu, 31 Jan 2002 16:16:52 +0200
> >
> > George Danchev wrote:
> > > tail -f /var/log/messages | ./borj.pl
> > > ./borj.pl: line 5: syntax error near unexpected token
> > > `($col1,$col2,$col3,$col4,$col5,$rest)'
> > > ./borj.pl: line 5: `my ($col1,$col2,$col3,$col4,$col5,$rest);'
> > >
> > > --
> > > Greets,
> > > fr33zb1
> >
> > Hm, it works OK for me; let some PERL guru weigh in. Yes, it is
> > NetBSD :)
> > It only gives a warning like this:
> >
> > Name "main::col1" used only once: possible typo at ./prelude.pl line 7.
> >
> > I am attaching a slightly tweaked variant (cosmetics), but here it really works ...
> >
> > borj@borj borj$perl -v
> >
> > This is perl, v5.6.0 built for i386-netbsd
>
> This is perl, v5.6.1 built for i386-linux
>
> 10x, now it is OK, nice toy :)
> there are not even any warnings... I only changed the path :)
> for those interested:
> http://elemag.virtualave.net/files/prelude
> this is about /var/log/messages ... because it is tailored to its structure.
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
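Added example (not part of the original message and not the thread's borj.pl): one way to pull the source and destination address out of each appended alert block, using the block layout quoted in the message above. The function names, the "src dst message" output format and the sample addresses are assumptions made for this sketch.

```shell
# Added example, not from the thread. Function names and the output
# format ("src dst message") are assumptions; field labels are from the log.
extract_alerts() {
    awk '
    function is_ip(s,   p, i, k) {        # dotted quad, each octet <= 255
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        k = split(s, p, ".")
        for (i = 1; i <= k; i++) if (p[i] + 0 > 255) return 0
        return 1
    }
    BEGIN { msg = "-" }                   # placeholder if no message line seen
    # "***" opens a new alert block: forget the previous block state.
    /^\*\*\* / { msg = "-"; done = 0; next }
    /^message[ \t]*:/ {
        msg = $0; sub(/^message[ \t]*:[ \t]*/, "", msg); next
    }
    # Anchor at line start: dump lines begin with hex bytes, so text
    # inside the payload (controlled by the remote host) cannot match.
    /^Ip hdr[ \t]*:/ && !done {
        line = $0; sub(/^Ip hdr[ \t]*:[ \t]*/, "", line)
        n = split(line, f, /[ \t]+/)
        if (n >= 3 && f[2] == "->" && is_ip(f[1]) && is_ip(f[3])) {
            print f[1], f[3], msg
            fflush()          # emit immediately when fed from tail -f
            done = 1
        }
    }'
}

# Constructed sample: two blocks; addresses are documentation ranges.
# The second block has a malformed source address and must be skipped.
sample_log() {
cat <<'EOF'
*** Wed Jan 30 14:24:20 2002 - Wed Jan 30 14:24:23 2002
Plugin : HttpMod
message : ISS Unicode attack detected
Ip hdr : 192.0.2.10 -> 198.51.100.5
[hl=20,version=4,tos=22,len=185,id=12582,ttl=113]
Data hexadecimal dump follow :
49 70 20 68 64 72 20 3a 20 31 30 2e 30 2e 30 2e Ip hdr : 10.0.0.
*** Wed Jan 30 14:25:01 2002 - Wed Jan 30 14:25:01 2002
message : constructed second alert
Ip hdr : 999.0.2.11 -> 198.51.100.5
EOF
}
```

In a live pipeline it would sit where the thread's Perl script does: tail -f prelude.log | extract_alerts.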