Re: extracting an IPv4 address from text?
- In reply to: Robert Huff : "extracting an IPv4 address from text?"
Date: Thu, 07 Apr 2022 15:26:45 UTC
On Sat, 2 Apr 2022, Robert Huff wrote:
>
> Hello:
> Let's suppose I want to parse a line from auth.log and extract
> the IP address (if any) to stdout.
> I'm assuming there is a robust way to do this using standard
> command-line tools ... but my brain is flailing on the exact method.
> Anyone have an example they'd be willing to share? Or is this a
> problem already solved?
You got lots of cool answers to the question as asked. auth.log entries are
well formatted so the IP address appears in a known location.
I use the following to categorize invalid ssh attempts:
    bzgrep -Ei "sshd.+from" auth.log | awk -F'sshd' '{print $2}' | awk '{print $2,$3}' | icount | sort -nk 1
icount is a trivial perl script to count the number of lines it sees. Then
the above gives something like:
Unique IP addresses: 11
1 => Accepted publickey
5 => error: maximum
17 => Bad protocol
48 => Did not
104 => Disconnected from
104 => Received disconnect
113 => Failed keyboard-interactive/pam
113 => Postponed keyboard-interactive
198 => Invalid user
312 => error: PAM:
5106 => refused connect
6121 total attempts
Just a different way to approach the problem.
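
The pipeline from the reply above, run over constructed auth.log lines, as an added example that is not part of the original message. An awk counter stands in for icount (its source is not shown in the post), and sshd_source_ips is a hypothetical helper that prints the first valid IPv4 address on each matching line, which is what the original question asked for.

```shell
# Constructed sample lines (documentation address ranges, not real log data).
sample_log() {
cat <<'EOF'
Apr  2 10:00:01 host sshd[1001]: Invalid user admin from 203.0.113.5 port 40022
Apr  2 10:00:03 host sshd[1001]: Disconnected from invalid user admin 203.0.113.5 port 40022 [preauth]
Apr  2 10:01:10 host sshd[1002]: Invalid user test from 198.51.100.7 port 51514
Apr  2 10:02:30 host sshd[1003]: Accepted publickey for rob from 192.0.2.10 port 50000 ssh2
Apr  2 10:03:00 host sshd[1004]: refused connect from 203.0.113.5 (203.0.113.5)
Apr  2 10:04:00 host sshd[1006]: Bad protocol version identification 'GET 999.1.1.1' from 198.51.100.7 port 4000
Apr  2 10:05:00 host cron[1005]: (root) CMD (from nothing)
EOF
}

# Same stages as the pipeline in the post; the last awk replaces icount (assumption).
categorize_sshd() {
    grep -Ei 'sshd.+from' |
    awk -F'sshd' '{print $2}' |
    awk '{print $2, $3}' |
    awk '{n[$0]++} END {for (k in n) printf "%d => %s\n", n[k], k}' |
    LC_ALL=C sort -k1,1n -k3
}

# Print each distinct source address once. A dotted quad counts only if every
# octet is 0-255, so text such as 999.1.1.1 in a client banner is skipped.
sshd_source_ips() {
    grep -Ei 'sshd.+from' |
    awk '{
        s = $0
        while (match(s, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(s, RSTART, RLENGTH)
            s = substr(s, RSTART + RLENGTH)
            split(ip, o, "."); ok = 1
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok) { print ip; break }
        }
    }' | LC_ALL=C sort -u
}

sample_log | categorize_sshd
sample_log | sshd_source_ips
```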