Date:      Thu, 7 Apr 2022 15:26:45 +0000 (UTC)
From:      doug <doug@safeport.com>
To:        questions@freebsd.org
Subject:   Re: extracting an IPv4 address from text?
Message-ID:  <e73365a4-5691-128c-6281-d9ebcb74d67@safeport.com>
In-Reply-To: <25160.44484.392802.868667@jerusalem.litteratus.org>
References:  <25160.44484.392802.868667@jerusalem.litteratus.org>

On Sat, 2 Apr 2022, Robert Huff wrote:

>
> Hello:
> 	Let's suppose I want to parse a line from auth.log and extract
> the IP address (if any) to stdout.
> 	I'm assuming there is a robust way to do this using standard
> command-line tools ... but my brain is flailing on the exact method.
> Anyone have an example they'd be willing to share?  Or is this a
> problem already solved?

You got lots of cool answers to the question as asked. auth.log entries are 
well formatted so the IP address appears in a known location.

I use the following to categorize invalid ssh attempts:

bzgrep -Ei "sshd.+from" auth.log | awk -F'sshd' '{print $2}' | awk '{print $2,$3}' | icount | sort -nk 1

icount is a trivial perl script to count the number of lines it sees. Then 
the above gives something like:

Unique IP addresses: 11
1       => Accepted publickey
5       => error: maximum
17      => Bad protocol
48      => Did not
104     => Disconnected from
104     => Received disconnect
113     => Failed keyboard-interactive/pam
113     => Postponed keyboard-interactive
198     => Invalid user
312     => error: PAM:
5106    => refused connect
6121 total attempts

Just a different way to approach the problem
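
An awk stand-in for the pipeline above, as an added example that is not part of the original message. icount's source is not shown, so the summary layout is inferred from the sample output, and the unique-address count (IPv4 only, octets checked against 255) is an assumption about what it does. The log lines are constructed and use documentation address ranges.

```shell
#!/bin/sh
# Added example, not the icount script from the message.
# Reads auth.log text on stdin and tallies sshd lines that contain "from".
summarize_sshd() {
    awk '
    tolower($0) ~ /sshd.+from/ {
        msg = $0
        sub(/^.*sshd\[[0-9]+\]: */, "", msg)      # drop timestamp, host, sshd[pid]:
        n = split(msg, w, " ")
        cat = (n > 1) ? w[1] " " w[2] : w[1]      # same two words the pipeline keeps
        count[cat]++; total++
        # IPv4 after "from"; reject octets above 255
        if (match(msg, /from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(msg, RSTART + 5, RLENGTH - 5)
            ok = (split(ip, o, ".") == 4)
            for (i = 1; i <= 4; i++) if (o[i] > 255) ok = 0
            if (ok && !(ip in seen)) { seen[ip] = 1; uniq++ }
        }
    }
    END {
        printf "Unique IP addresses: %d\n", uniq
        m = 0
        for (c in count) key[++m] = c
        for (i = 2; i <= m; i++)                  # insertion sort, ascending by count
            for (j = i; j > 1 && count[key[j-1]] > count[key[j]]; j--) {
                t = key[j]; key[j] = key[j-1]; key[j-1] = t
            }
        for (i = 1; i <= m; i++) printf "%d\t=> %s\n", count[key[i]], key[i]
        printf "%d total attempts\n", total
    }'
}

# Constructed sample input (not real log data).
sample_log() {
cat <<'EOF'
Apr  2 10:00:01 host sshd[1001]: Invalid user admin from 192.0.2.10 port 40022
Apr  2 10:00:03 host sshd[1001]: Failed keyboard-interactive/pam for invalid user admin from 192.0.2.10 port 40022 ssh2
Apr  2 10:01:10 host sshd[1002]: Invalid user test from 198.51.100.7 port 51514
Apr  2 10:02:00 host sshd[1003]: refused connect from 203.0.113.5 (203.0.113.5)
Apr  2 10:02:05 host sshd[1004]: refused connect from 203.0.113.5 (203.0.113.5)
Apr  2 10:03:00 host sshd[1006]: Invalid user sshd from 192.0.2.999 port 2222
Apr  2 10:04:00 host su[77]: pam_unix session opened for user root
EOF
}

sample_log | summarize_sshd
```

Anchoring the strip on `sshd[pid]:` rather than on the first `sshd` keeps a login attempt for a user named "sshd" from shifting the category words.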


