I have the script below, which I plan to schedule with cron to run hourly, to see how many new failed attempts have taken place and at what time.
[root@server123 abc123]# cat script
#!/bin/bash
# Checks if the log file exists
if [ ! -e Internal_LogFile ] ; then
grep "Authentication <failed> for <Active Directory> user: <xyz123>" secure.log > Internal_LogFile
else
#> Internal_LogFile
comm -23 <(grep "Authentication <failed> for <Active Directory> user: <xyz123>" secure.log | sort) <(sort Internal_LogFile) > Internal_LogFile
fi
[root@server123 abc123]#
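We look at the secure.log file, where the failed-attempt log entries can be seen. I intend to capture only the entries with a specific ID and save them in a new file named Internal_LogFile. I also plan to forward this Internal_LogFile by mail.
This is what I have tried so far; as you can see, secure.log contains 1 failed entry.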
[root@server123 abc123]# cat secure.log
1st line
2nd line
Authentication <failed> for <Active Directory> user: <xyz123>
[root@server123 abc123]#
After running the script, I get the expected result:
[root@server123 abc123]# bash script
[root@server123 abc123]# ls
Internal_LogFile script secure.log
[root@server123 abc123]# cat Internal_LogFile
Authentication <failed> for <Active Directory> user: <xyz123>
[root@server123 abc123]#
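But when secure.log is updated with the next failure log, the output I intend is only the new entry, so I use comm and sort and then overwrite the file with the new output.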
[root@server123 abc123]# echo -e "4th line\n5th line\n6th line Authentication <failed> for <Active Directory> user: <xyz123>" >> secure.log
[root@server123 abc123]# cat secure.log
1st line
2nd line
Authentication <failed> for <Active Directory> user: <xyz123>
4th line
5th line
6th line Authentication <failed> for <Active Directory> user: <xyz123>
[root@server123 abc123]#
When I run it manually, I see only the desired result:
[root@server123 abc123]# comm -23 <(grep "Authentication <failed> for <Active Directory> user: <xyz123>" secure.log | sort) <(sort Internal_LogFile)
6th line Authentication <failed> for <Active Directory> user: <xyz123>
But when I run the script, it does not overwrite the file, even though I am not appending with >> in the script; it is just >.
[root@server123 abc123]# bash script
[root@server123 abc123]#
[root@server123 abc123]# cat Internal_LogFile
6th line Authentication <failed> for <Active Directory> user: <xyz123>
Authentication <failed> for <Active Directory> user: <xyz123>
Current code:
[root@server123 abc123]# cat script
#!/bin/bash
# Checks if the log file exists
if [ ! -e Internal_LogFile ] ; then
grep "Authentication <failed> for <Active Directory> user: <xyz123>" secure.log > Internal_LogFile
else
comm -23 <(grep "Authentication <failed> for <Active Directory> user: <xyz123>" secure.log | sort) <(sort Internal_LogFile) > Internal_LogFile
fi
[root@server123 abc123]#
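
An added example, not part of the original post: in the posted script, `> Internal_LogFile` opens and truncates the same file that `sort Internal_LogFile` reads within one command, so the comparison can run against an empty file and return every matching line. The sketch below builds each result in a temporary file and only then replaces the outputs, and it keeps the already-reported lines in a separate state file so the mailed report holds only new entries. `Seen_LogFile`, `report_new` and `demo` are hypothetical names, and the sample log is constructed from the lines shown in the post.

```shell
#!/bin/sh
# Added example, not the poster's script. Seen_LogFile is a hypothetical state file.
PATTERN='Authentication <failed> for <Active Directory> user: <xyz123>'

# report_new LOG STATE REPORT: write to REPORT only the matching lines
# that an earlier run has not already recorded in STATE.
report_new() {
    log=$1 state=$2 report=$3
    tmp=$(mktemp -d) || return 1
    # -F matches the text literally; no regular expression is intended here.
    grep -F -- "$PATTERN" "$log" | sort > "$tmp/current"
    [ -e "$state" ] || : > "$state"
    sort "$state" > "$tmp/seen"
    # Lines present now but not in the previous snapshot.
    comm -23 "$tmp/current" "$tmp/seen" > "$tmp/new"
    # Replace the outputs only after every read has finished.
    mv "$tmp/new" "$report"
    mv "$tmp/current" "$state"
    rm -rf "$tmp"
}

# Constructed sample run mirroring the post: one failure, then a second one appended.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '1st line' '2nd line' "$PATTERN" > "$d/secure.log"
    report_new "$d/secure.log" "$d/Seen_LogFile" "$d/Internal_LogFile"
    printf '%s\n' '4th line' '5th line' "6th line $PATTERN" >> "$d/secure.log"
    report_new "$d/secure.log" "$d/Seen_LogFile" "$d/Internal_LogFile"
    cat "$d/Internal_LogFile"
    rm -rf "$d"
}
demo
```

From cron, the call would be `report_new secure.log Seen_LogFile Internal_LogFile`, and the mail step can be skipped when Internal_LogFile is empty.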