special more to read logs
From: richard.lefebvreAROBAS(@)cercaPOINT(.)umontrealPOINT(.)ca Date: 03/21/02
From: Richard Lefebvre <richard.lefebvreAROBAS(@)cercaPOINT(.)umontrealPOINT(.)ca> Date: Thu, 21 Mar 2002 19:09:47 GMT
Hi, I'm looking for a special purpose more (or less, or most) command
to read syslog from a firewall more efficiently. I already split
logs into parts but I still need a bit more. The context is this:
I do a more of the daily SYSLOG checking over stuff, then I get
some hacker that tried to access port AAAAA on every computer
in our network which generates hundreds of lines in the SYSLOG file.
What I do is take a note, stop the more then restart the more
but with an egrep -v "BBB.CCC.DDD.EEE" SYSLOG | more and go
down to the time where I was before and keep on looking, until
the next time I get something else that generates hundreds of
similar lines. I again stop, note, then tag an extra host IP onto
the egrep and keep on going. The concept of going back to the
top over and over again is ridiculous. So what I would be looking
for is a more with an integrated egrep -v. I have looked at
the man pages of more/less/most but I couldn't find parameters
that would permit me to do an egrep -v on the fly. Does anyone
know of a tool that will help me do that?
Rick
-- Richard Lefebvre, Sys-admin, CERCA, (514)369-5224 "Don't Panic" Richard.Lefebvre(@AROBAS)cerca(.POINT)umontreal(.POINT)ca -- THGTTG http://www.CERCA.UMontreal.CA/~rick/