A simple shell script for security-log statistics on CentOS

The logs involve sensitive customer information, which has already been processed.

The following is a detailed explanation:

 

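#!/bin/bash
#
# Annotated version. Merges every log file in one directory and appends three
# tab-separated sections to statisticslog.xls in the current directory:
# attacks per month, the top 10 source IPs and the top 10 attack types.
#
# Log lines are attacker-influenced data, so every expansion below is quoted,
# the merged copy is kept in a private mktemp file, and text cells are
# neutralised before they are written to a file that a spreadsheet will open.

# read -p prints the prompt and stores the answer in $path;
# -r keeps backslashes in the typed path literal.
read -r -p "please input the path of your logfiles,The Default is current path.
(Warning:Do not exists any other files!): " path

# $$ expands to the process ID of the shell that is running this script.
echo "The tool is working,it's depends on your file size.The pid is $$,please wait..."

countf=statisticslog.xls   # the report file that is generated
tab=$'\t'                  # a literal tab, used as the sort field separator

# -n is true when the string is not empty.
if [ -n "$path" ]
then
  directory=$path
else
  directory=$PWD           # nothing was typed: use the current directory
fi

# mktemp creates an empty, unpredictably named file that only the invoking
# user can read. The EXIT trap removes it on every exit path, so a merged copy
# of the raw logs is never left behind.
tmpfile=$(mktemp) || { echo "cannot create a temporary file" >&2; exit 1; }
trap 'rm -f -- "$tmpfile"' EXIT

# Loop over every entry in the directory; the prompt tells the user to keep
# nothing but log files there.
found=0
for file in "$directory"/*
do
  # When nothing matches, the loop receives the pattern itself. That is not a
  # regular file, so it is skipped here together with any sub-directory.
  [[ -f "$file" ]] || continue
  # A report left by an earlier run in the same directory is not log data.
  [[ "$file" -ef "$countf" ]] && continue
  # ">>" appends to the target instead of overwriting it.
  # "2>/dev/null" discards error messages; /dev/null swallows whatever is written to it.
  # "--" ends option parsing, so a name that starts with "-" is still treated as a file.
  cat -- "$file" >> "$tmpfile" 2>/dev/null
  found=1
done

if [ "$found" -eq 0 ]
then
  echo "There are no files in your input path!" && exit 1  # print the error and exit
fi

# sed -i edits the file in place and prints nothing.
# /^[^0-9]/d deletes every line whose first character is not a digit.
# /^$/d deletes every empty line.
sed -i -e '/^[^0-9]/d' -e '/^$/d' "$tmpfile"

# tally FIELD [AWK_OPTION...]
# Counts the records in $tmpfile by one field and prints "value<TAB>count",
# highest count first.
#   awk: the first braces run for every line and add 1 to the counter of that
#        line's field; the END braces run after the last line and print every
#        element of the array. \t is a tab, \n a newline.
#   A value that starts with = + - or @ would be evaluated as a formula by a
#   spreadsheet; "\047" is an apostrophe, which forces the cell to plain text.
#   sort: -n compares numerically (so 10 sorts after 2), -r reverses the order,
#        -k 2,2 sorts on the second field only, and -t sets the tab as the
#        field separator so that a value containing spaces stays in field 1.
tally() {
  local field=$1
  shift
  awk "$@" -v col="$field" '
    { hits[$col] += 1 }
    END {
      for (key in hits) {
        cell = key
        if (cell ~ /^[=+@-]/) cell = "\047" cell
        printf("%s\t%d\n", cell, hits[key])
      }
    }' "$tmpfile" | sort -t "$tab" -nr -k 2,2
}

printf "This section is the total attacks order by month:\n" >> "$countf"
printf "Mounth\tSum\n" >> "$countf"

# Total number of attacks per month, sorted.
# BEGIN runs before the first line is read; FS is the field separator, which
# defaults to whitespace and is set to "-" here. For a line that begins with
# 2013-01-03, $2 is 01 ($0 would be the whole line).
awk 'BEGIN{FS="-";}{a[$2] += 1;}END{for (i in a) printf("%d\t%d\n",i,a[i]);}' "$tmpfile" | sort -t "$tab" -nr -k 2,2 >> "$countf"

printf "\n*******************************************************\n" >> "$countf"
printf "This section is the total attacks order by ip,it's top 10:\n" >> "$countf"
printf "ip\tSum\n" >> "$countf"

# Total number of attacks per IP (whitespace-separated field 4), sorted.
# head -10 keeps the first 10 lines.
tally 4 | head -10 >> "$countf"

printf "\n*******************************************************\n" >> "$countf"
printf "This section is the total attacks order by sort,it's top 10:\n" >> "$countf"
printf "sort\tSum\n" >> "$countf"

# Total number of attacks per attack type, sorted, top 10.
# The single quote is the field separator, so $2 is the full attack-type name
# found between the first pair of single quotes on the line. -F sets the field
# separator from the command line; nothing can be escaped inside shell single
# quotes, so the quote character is passed as the double-quoted argument "'".
tally 2 -F "'" | head -10 >> "$countf"

rm -f -- "$tmpfile" # delete the temporary file (the EXIT trap covers the failure paths)

echo "It's finished,enjoy your job!" && exit 0 # exit status 0 means success, 1 means failure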

******************************** dividing line *************************************

 

The script is as follows:

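#!/bin/bash
#made by ameng
#
# Merges every log file in one directory and appends three tab-separated
# sections to statisticslog.xls in the current directory: attacks per month,
# the top 10 source IPs and the top 10 attack types.
#
# Input:  a directory typed at the prompt (an empty answer means the current
#         directory).
# Exit:   0 on success, 1 when no log file was found or no temporary file
#         could be created.
#
# Log lines are attacker-influenced data: every expansion is quoted, the
# merged copy lives in a private mktemp file, and text cells are neutralised
# before they are written to a file that a spreadsheet will open.

# -r keeps backslashes in the typed path literal.
read -r -p "please input the path of your logfiles,The Default is current path.
(Warning:Do not exists any other files!): " path

echo "The tool is working,it's depends on your file size.The pid is $$,please wait..."

countf=statisticslog.xls
tab=$'\t'

if [ -n "$path" ]
then
  directory=$path
else
  directory=$PWD
fi

# A fixed name such as temp.txt in the working directory can collide with an
# existing file and is readable according to the umask. mktemp gives a fresh
# file only the invoking user can read, and the trap removes it on every exit
# path.
tmpfile=$(mktemp) || { echo "cannot create a temporary file" >&2; exit 1; }
trap 'rm -f -- "$tmpfile"' EXIT

found=0
for file in "$directory"/*
do
  # An unmatched pattern stays literal and a sub-directory is not a log.
  [[ -f "$file" ]] || continue
  # A report left by an earlier run in the same directory is not log data.
  [[ "$file" -ef "$countf" ]] && continue
  cat -- "$file" >> "$tmpfile" 2>/dev/null
  found=1
done

if [ "$found" -eq 0 ]
then
  echo "There are no files in your input path!" && exit 1
fi

# Keep records only: drop lines that do not start with a digit, and empty lines.
sed -i -e '/^[^0-9]/d' -e '/^$/d' "$tmpfile"

# tally FIELD [AWK_OPTION...]
# Counts the records in $tmpfile by one field and prints "value<TAB>count",
# highest count first. A value that starts with = + - or @ gets a leading
# apostrophe ("\047") so a spreadsheet shows it as text instead of evaluating
# it. sort uses the tab as field separator so that values containing spaces
# are still ordered by their count.
tally() {
  local field=$1
  shift
  awk "$@" -v col="$field" '
    { hits[$col] += 1 }
    END {
      for (key in hits) {
        cell = key
        if (cell ~ /^[=+@-]/) cell = "\047" cell
        printf("%s\t%d\n", cell, hits[key])
      }
    }' "$tmpfile" | sort -t "$tab" -nr -k 2,2
}

printf "This section is the total attacks order by month:\n" >> "$countf"
printf "Mounth\tSum\n" >> "$countf"

# The month is the second "-"-separated field of the leading date.
awk 'BEGIN{FS="-";}{a[$2] += 1;}END{for (i in a) printf("%d\t%d\n",i,a[i]);}' "$tmpfile" | sort -t "$tab" -nr -k 2,2 >> "$countf"

printf "\n*******************************************************\n" >> "$countf"
printf "This section is the total attacks order by ip,it's top 10:\n" >> "$countf"
printf "ip\tSum\n" >> "$countf"

# The IP is whitespace-separated field 4.
tally 4 | head -10 >> "$countf"

printf "\n*******************************************************\n" >> "$countf"
printf "This section is the total attacks order by sort,it's top 10:\n" >> "$countf"
printf "sort\tSum\n" >> "$countf"

# The attack type is the text between the first pair of single quotes.
tally 2 -F "'" | head -10 >> "$countf"

rm -f -- "$tmpfile"

echo "It's finished,enjoy your job!" && exit 0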
