Clever Geek Handbook

How to properly pin this BASH operator?

What is the best loop to use for this line of code I have made that goes through the log file and finds lines that are not executed in $6

? Pretty fresh to BASH and LINUX and can't get any loop to work correctly.

Sep 13 12:09:39 icarus sshd[14043]: Failed none for invalid user 55659
Sep 13 12:09:43 icarus sshd[14043]: pam_unix(sshd:auth): check pass; user unknown
Sep 13 12:09:43 icarus sshd[14043]: pam_unix(sshd:auth):
Sep 13 12:09:44 icarus sshd[14043]: Failed password for invalid user 55659
Sep 13 12:09:48 icarus sshd[14043]: pam_unix(sshd:auth): check pass; user unknown
Sep 13 12:09:50 icarus sshd[14043]: Failed password for invalid user 55659 from

sample team

cat auth.log | sed -e 's/,//g' | awk -F" " '{print $6}'
+3


source to share


4 answers 


$ grep Failed auth.log
Sep 13 12:09:39 icarus sshd[14043]: Failed none for invalid user 55659
Sep 13 12:09:44 icarus sshd[14043]: Failed password for invalid user 55659
Sep 13 12:09:50 icarus sshd[14043]: Failed password for invalid user 55659 from


+1


source


If you want to use awk:

awk -F" " -e '/Failed/ {print $0}' auth.log


No sed or cat needed.

0


source


This looks for lines containing "Failed" (case sensitive) and just prints them,

awk '/Failed/ {print $0}' auth.log

I believe this is what you were looking for.

0


source


Instead of printing, $6

just print the lines where $6

"Failed" matches:

You had

cat auth.log | sed -e 's/,//g' | awk -F" " '{print $6}'

you can use

sed -e 's/,//g' auth.log | awk '$6=="Failed"'

(As others have pointed out, sed

can take a filename as an argument, and awk

by default it will strip out a space, so there is no need to provide an argument -F

.)

(There are no commas in your example input, so you might not even need the command sed

.)

0


source






More articles:


All Articles