: 17:07:14 Security alert: 10 Permission Denied Requests from the same IP. : 22:08:14 security alert: 10 times failed login from the same IP So, for example, if we double-quote COMMAND, the $TAR_FILENAME variable will be expanded by the shell when invoking the tar command: $ tar xzf app_ -to-command="grep -label=$TAR_FILENAME -Hi 'security alert' true" This is because the TAR_* variables are assigned during tar‘s execution and passed to COMMAND. Therefore, we add the true command at the end to make COMMAND always return 0 and suppress those error messages.Īnother point we should note is we’ve wrapped COMMAND with single quotes. This messes up the output, which is definitely not what we want. Tar: Exiting with failure status due to previous errors Logs/app2/user.log: 22:08:14 security alert: 10 times failed login from the same IP $ tar xzf app_ -to-command='grep -label=$TAR_FILENAME -Hi "security alert"' Therefore, zgrep can search the files’ content in a compressed archive, but it cannot tell which file inside the archive hits the match. Here, we use the -O option to ask the tar command to extract files to Stdout instead of disk. Simply put, zgrep uses gzip to decompress the files to Stdout and pipes it to grep to perform the search.īasically, it’s pretty similar to the command: tar xzfO app_ | grep -Hai 'security alert' That means we can read the source to understand how it works. usr/bin/zgrep: POSIX shell script, ASCII text executable Next, to figure out why it happens, we need to understand how zgrep works.įirst, zgrep is just a shell script: $ file $(which zgrep) However, if we take a closer look at the filenames in the output, we only see the tar.gz file’s name instead of the names of the log files in the archive. -i: Ignore case distinctions when matching patternsĪs the output above shows, zgrep has successfully found the three “ security alert” occurrences.Therefore, these three steps may increase the disk IO load dramatically. Also, the files in the archive can be much bigger than our example. However, in the real world, the tarball may contain a significant number of files. Our example has only four small log files. This can be the most straightforward way to achieve the goal. Doing a grep search on the extracted files.Extracting all files from the tarball to a directory.The first idea that may come up for solving the problem is probably the three-step solution: Logs/app1/user.log: 22:18:10 security alert: 10 times failed login from the same IP ![]() Logs/app1/app.log: 17:07:14 Security alert: 10 Permission Denied Requests from the same IP. We expect to see three files in the result with the matched log entries: logs/app2/user.log: 22:08:14 security alert: 10 times failed login from the same IP ![]() Now, let’s say we want to do a case-insensitive search in the app_ tarball to find out which log files contain “ security alert” messages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |