使用WHILE DO GREP

时间:2011-03-08 14:19:51

标签: bash loops grep cat

我正在努力使这项工作,但没有输出。我在这里尝试做的是从一个txt文件,它有多个名称将是grep并导出与用户名匹配的IP地址。并将继续循环读取每一行并导出到BadIP.out任何帮助?

#!/bin/sh

    cat /Badusers.txt

    while IFS= read -r LINE
    do
    grep '"$LINE"' /var/log/test.log 
    awk -F" " '{print $8}' 
    grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > /badIP.out

    done </badIP.out

更新

让我从头开始,因为我现在只发布了我遇到问题的地方。

我有一台运行2个相同程序的服务器。我给我的客户2个连接,每个程序从一个设备连接。最近我发现其中有一些是单独使用它们所以我不得不从日志中发明一些东西。

程序会记录自己的数据,如IP,用户名和NODEID。从nodeID,您可以验证用户是否在作弊。我想比较每个程序的日志并匹配提取数据以匹配。如果它匹配则表示一切正常,如果NodeID失败则意味着作弊。所以我做的就是这个

1)我通过匹配用户的NodeID来抓取程序的两个日志 2)然后将它们从该日志导出到另一个日志我必须将用户与nodeid分开,因为日志将它们作为整个单词与“@”连接起来 3)将用户名与NodeID分开(导出到txt文件) 4)使用脚本使用循环读取TXT文件并将日志提取到与用户名匹配的IP地址并将其导出到BadIP.out 5)然后使用循环读取BADIP.out来禁止使用IPtables的用户IP

我创建了这些文件。附:我不是开发人员:))

这是我运行的程序

#!/bin/bash
./cam.sh
./cam2.sh
diff -i -b -B -q cam.txt cam2.txt
if [ ! $? -eq 0 ]; then
echo "**** File has changed*****" 
diff <(sort /cam.txt) <(sort /cam2.txt)|awk '/^</{print $5>"temp1.out"}/^>/{print $5>"temp2.out"}'
#awk -F "@" 'BEGIN{while(getline<"temp1.out") a [$1]=1 } ; a[$1] !=2 {print $1}' temp2.out 
awk -F'@' 'BEGIN{while(getline<"cam.txt") a[$2,$3]=1};a[$2,$3]!=1' cam2.txt >> /notify.txt
#diff -i -b -B -y temp1.out temp2.out >> /diff.txt
grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f1 >> /Badusers.txt
grep 'client' /notify.txt | awk -F" " '{print $4}' | cut -d@ -f2 | awk -F "," '{print $1}' >> /Badnodeid.txt
./mail.sh
#rm *.txt
#rm *.out
else
echo "same"
fi

这个从program1读取到log1

cam.sh 

#!/bin/bash

for filename in /var/log/test.log; do
 if [ "$(grep "xyz" $filename)" ]; then
awk '/xyz/ && $8 == version' $filename >> /cam.txt
 else
   echo "$time Boo!! Failure.."
 fi
done

这个从program2读取到log2

cam2.sh 

#!/bin/bash

for filename in /var/log/test2.log; do
 if [ "$(grep "xyz" $filename)" ]; then
awk '/xyz/ && $8 == version' $filename >> /cam2.txt
 else
   echo "$time Boo!! Failure.."
 fi
done

这个用户发送电子邮件

mail.sh 

#!/bin/bash
mutt -s "Test mail" -a /notify.txt *****@gmail.com < /notify.txt

记录样本

cam.txt&amp; cam2.txt 

03:00:08.818 Prg: client xyz661s@e15279f57cc56c7f, running Prg 2.1.4
03:00:08.942 Prg: client xyz886s@1c8f2a6efe3963d7, running Prg 2.2.1
03:00:09.576 Prg: client xyz502s@165e25ac273d4751, running Prg 2.1.4
03:00:10.235 Prg: client xyz852s@6a16130252dea90a, running Prg 2.1.4
03:00:11.677 Prg: client xyz808s@ed52ddf03f1e7111, running Prg 2.1.3
03:00:11.685 Prg: client xyz034s@63007fd8e9591501, running Prg 2.1.4
03:00:11.687 Prg: client xyz885s@84ac60cf204e94a2, running Prg 2.2.1
03:00:11.796 Prg: client xyz687s@f6492af984a26f37, running Prg 2.1.4
03:00:11.818 Prg: client xyz584s@6b70bcc9670dd4f4, running Prg 2.1.1
03:00:11.891 Prg: client xyz544s@5c3284516ab8e072, running Prg 2.2.1
03:00:11.895 Prg: client xyz529s@f9c0fc6756d62f4f, running Prg 2.1.4
03:00:11.912 Prg: client xyz509s@dfb6da96a35a3022, running Prg 2.1.4
03:00:11.915 Prg: client xyz581s@6d7512ee647d3441, running Prg 2.1.2

badusers.txt 

xyz712s
xyz553s
xyz500s
xyz676s
xyz553s
xyz712s
xyz697s

badnodeid.txt 

403a8a9fe084b6cb
d6fe8f201e4d854e
5a7321d7b49cef9b
6da486276fafe5f5
d6fe8f201e4d854e

notify.txt 

03:00:11.715 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
03:00:13.674 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
03:00:16.260 Prg: client xyz500s@5a7321d7b49cef9b, running Prg 2.1.4
10:02:42.961 Prg: client xyz676s@6da486276fafe5f5, running Prg 2.2.1
10:53:55.374 Prg: client xyz553s@d6fe8f201e4d854e, running Prg 2.2.1
12:36:32.885 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3
12:36:54.283 Prg: client xyz697s@51724d66fec8da4c, running Prg 2.1.4
12:37:21.052 Prg: client xyz712s@403a8a9fe084b6cb, running Prg 2.1.3

temp1.out 

xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz808s@ed52ddf03f1e7111,
xyz034s@63007fd8e9591501,

temp2.​​out 

xyz661s@e15279f57cc56c7f,
xyz886s@1c8f2a6efe3963d7,
xyz502s@165e25ac273d4751,
xyz852s@6a16130252dea90a,
xyz021s@1ad450e34bc26dc7,
xyz712s@403a8a9fe084b6cb,
xyz544s@5c3284516ab8e072,

现在剩下的就是让上面脚本的while循环从test.log中获取用户并找到他们的IP,将它们导出到BadIP.out然后我需要这样的东西来BAN 

$logdir/badIP.out > $logdir/badIP.block
while IFS= read -r EachLine
do
command="iptables -A INPUT -s "$EachLine" -j DROP"
echo $command
$command
done < $logdir/badIP.block
rm $logdir/badIP.block
if [ -s $logdir/illegaluser.txt ] ; then
iptables-save -c > $logdir/iptables-save.new

2 个答案:

答案 0 :(得分:0)

您正在从/badIP.out读取然后在while读取循环内,第二个grep命令缺少文件输入。另外,为什么重定向回badIP.out?使用不同的文件名。

答案 1 :(得分:0)

看起来你需要使用以下其中一个:

fgrep -f /badIP.out /var/log/test.log

grep -F -f /badIP.out /var/log/test.log

除非你的/badIP.out文件非常大,否则这将非常有效。您可能决定要对输出进行排序,以便在输出中将单个“坏IP”的数据放在一起,但可靠地执行此操作需要了解文件格式。

相关问题
最新问题