bash - awk command to match multiple patterns -


i using awk command find entries in log file between 2 different times. have used command, , works:

awk '$0 >= "oct 04 12:00:00" && $0 <= "oct 04 12:30:00"' /var/log/messages

i want know how can search specific port allowed or blocked during time. example: if searching port 22 blocked between 12:00 12:30, how can search using awk command?

content of /var/log/messages file:

nov 5 8:44:30 system1 kernel [022525 252748] output dropped=eth0 out= mac=ff:ff:ff:ff:ff:ff:01:00:25:97:b2:47:01:00 src=10.0.0.1 dst=192.168.4.141 len=221 tos=0x00 prec=0x00 ttl=128 id=23315 proto=udp spt=183 dpt=183 len=209

the entries in log file similar above. want know how can match information between, let's say, 12:00 12:30 spt=80 , dpt=80

you can add more conditions && doing dates. can put regular expression between 2 forward slashes match against whole line/record.

awk '/port 22 (blocked|allowed)/ && $0 >= "oct 04 12:00:00" && $0 <= "oct 04 12:30:00"' /var/log/messages

of course can use parentheses , combinations of logical , (&&) and/or or (||) if need more complex rules.

i want know how can match information between, let's say, 12:00 12:30 spt=80 , dpt=80

following explanation above, add /spt=80/ && /dpt=80/ && ... conditions. note example line showed won't match, has spt , dpt values not 80 143.

and btw, keep in mind way filter date (for example $0 >= "oct 04 12:00:00" && $0 <= "oct 04 12:30:00") may not work dates crossing month boundaries, example lower bound in nov higher bound in dec not work.


-

Comments

Post a Comment

Popular posts from this blog

java - SSE Emitter : Manage timeouts and complete() -

i writing web app multiple listeners(evcentsource sse clients js) connected server . want store sse emitter per connected listener : can done in memory or other means assigning id each client able achieve far now question ; how send response/event specific client connected web app ? while doing sseemmiters stored either getting completed or timed out. how prevent ? how keep sseemmiter available open infinite time (till client closes) , send events selectively .
Read more

jquery - uncaught exception: DataTables Editor - remote hosting of code not allowed -

i'm trying implement crud operation using datatableseditor using datatables.but i'm getting error messages: 1)uncaught exception: datatables editor - remote hosting of code not allowed. please see http://editor.datatables.net details on how purchase editor license 2)typeerror: a.editor undefined 3) $.fn.datatable.editor not constructor" what reason? here configuration: <%@ page language="java" contenttype="text/html; charset=iso-8859-1" pageencoding="iso-8859-1"%> <!doctype html public "-//w3c//dtd html 4.01 transitional//en" "http://www.w3.org/tr/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1"> <title>insert title here</title> <link rel="stylesheet" type="text/css" href="//cdn.datatables.net/1.10.12/css/jquery.datatables.min.css"> <link re...
Read more

java - How to resolve error - package com.squareup.okhttp3 doesn't exist? -

i trying convert json java object use of gson in maven, following youtube video guidance - https://www.youtube.com/watch?v=vqgghm9pwe0 , theres error occurs when in main class error - package com.squareup.okhttp3 doesn't exist. code below: java package com.codebeasty.json; import com.squareup.okhttp3.okhttpclient; public class main { private static okhttpclient client = new okhttpclient(); public static void main (string [] args) { } } i put in dependency in pom.xml: <dependencies> <dependency> <groupid>com.squareup.okhttp3</groupid> <artifactid>okhttp</artifactid> <version>3.4.2</version> </dependency> <dependency> <groupid>com.google.code.gson</groupid> <artifactid>gson</artifactid> <version>2.8.0</version> </dependency> </dependencies> i dont understand why doesn't recognize com.squareup. there may need download? have downl...
Read more