Asked Mon, July 25, 2022, 4:01:34 (answers: 1, hits: 1318)

There is a log file, /var/log/syslog, whose output contains IP addresses, e.g. SRC=10.158.0.1.



I want to scan this file for every address printed after SRC= ... and then make a whois query with it (whois SRC= ...).



This query should be monitored.



My attempt is wrong and looks like this in a bash script:



#!/bin/bash

while [ 1 ]
do
    grep 'SRC=ip-address' /var/log/syslog >> /home/$user/topsecret001/pitbull001.txt;
    whois 'SRC=ip-address' >> /home/$user/topsecret001/pitbull002.txt;
done


Can somebody help with a trick? How should I define ip-address, and how can I use the command whois with this ip-address?



The output of /var/log/syslog looks like this snippet here:



http://paste.ubuntu.com/5859332/



The output of /var/log/syslog looks like this when there is a little alert (like today):



http://paste.ubuntu.com/5862958/



Another idea would be to perform a whois query only if "invalid state" pops up in a line of the scrolling syslog.






Thank you for your contributions. I have learnt something from your code. Often the solutions look easier than expected, as here, because I thought it would be more difficult. I think that with the recent contribution of enzotib this question is solved now.






See the new comment of today (22nd June 2016) referring to 16.04:



Because this bash script was written in the times of IPv4: does /etc/sysctl.conf then need to be un-commented to enable IPv4, so that this script would run? Otherwise there is no whois output any more like before. I have checked this by uncommenting line 28 and line 33 of /etc/sysctl.conf; then the bash script in this thread works, but delivers very little output because the provider has enabled a firewall (because of the no-spy act?). With this addition of 22nd June 2016 this thread is updated for 16.04.


Tagged: command-line

Answers

Yet another solution:



# Print the value after every SRC= field, one address per line,
# then dedupe and run whois on each address.
awk '{
    for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/)
            print substr($i, 5)
}' /var/log/syslog |
sort -u |
while read -r ip; do
    printf ' === %s ===\n' "$ip"
    whois "$ip"
done


If you only want to select lines of syslog containing the string INVALID STATE, then the above code can be modified as follows:



# Same pipeline, but only lines matching INVALID STATE are inspected.
awk '/INVALID STATE/ {
    for (i = 1; i <= NF; i++)
        if ($i ~ /^SRC=/)
            print substr($i, 5)
}' /var/log/syslog |
sort -u |
while read -r ip; do
    printf ' === %s ===\n' "$ip"
    whois "$ip"
done

Answered Tuesday, July 26, 2022
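The following is an added example, not code from the question or from the answer above. It takes the same awk extraction and hardens it for the "monitor the scrolling syslog" case the question asks about: each SRC= value is checked to be an IPv4 or IPv6 literal before it is handed to whois (a syslog line is text, and only a validated address should become a command argument), duplicates are dropped in-stream with an awk seen[] array rather than sort -u (which would wait for end of file and so never emit anything on a tail -F pipe), and the log is followed with tail -F instead of re-reading the whole file in a busy loop. The function names extract_src_ips, lookup_ips and monitor_syslog are this example's own, and the sample log lines are constructed with documentation-range addresses; they are not the content of the paste links in the question.

```shell
#!/usr/bin/env bash
# Added example (not the question's or the answer's own code). Same idea as
# the awk pipeline in the answer, hardened for use on a live log: every SRC=
# value is validated as an IPv4 or IPv6 literal before it reaches whois, and
# duplicates are dropped in-stream so the pipeline also works on `tail -F`
# output (where `sort -u` would wait for EOF forever). Function names are
# this example's own, not part of any tool.

# Constructed sample syslog lines (documentation-range addresses invented for
# this example; not the content of the paste links in the question).
SAMPLE_LOG='Jul 25 04:01:34 host kernel: INVALID STATE IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=44444 DPT=22
Jul 25 04:01:35 host kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=53
Jul 25 04:01:36 host kernel: INVALID STATE IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44445 DPT=22
Jul 25 04:01:37 host kernel: INVALID STATE IN=eth0 OUT= SRC=not.an.address DST=192.0.2.10
Jul 25 04:01:38 host kernel: INVALID STATE IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::2 PROTO=TCP'

# extract_src_ips [FILTER]   (reads log lines on stdin)
# Prints each distinct, syntactically valid SRC= address once, in first-seen
# order. With FILTER set, only lines containing that string are considered
# (e.g. 'INVALID STATE'). Malformed values never reach the shell or whois.
extract_src_ips() {
    awk -v filter="${1-}" '
        # Dotted quad with every octet in 0..255.
        function valid_ipv4(ip,    n, p, j) {
            n = split(ip, p, ".")
            if (n != 4) return 0
            for (j = 1; j <= 4; j++)
                if (p[j] !~ /^[0-9]+$/ || p[j] + 0 > 255) return 0
            return 1
        }
        # Conservative IPv6 check: hex digits and colons only, at least one colon.
        function valid_ipv6(ip) { return ip ~ /^[0-9a-fA-F:]+$/ && ip ~ /:/ }

        filter != "" && index($0, filter) == 0 { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^SRC=/) continue
                ip = substr($i, 5)
                if ((valid_ipv4(ip) || valid_ipv6(ip)) && !seen[ip]++) {
                    print ip
                    fflush()    # emit immediately when fed by tail -F
                }
            }
        }'
}

# lookup_ips   (reads one validated address per line on stdin)
# Runs whois for each address; the header line keeps each result attributable.
lookup_ips() {
    local ip
    while IFS= read -r ip; do
        printf ' === %s ===\n' "$ip"
        whois "$ip"
    done
}

# monitor_syslog [LOGFILE]
# Follows the log (surviving rotation) and looks up new INVALID STATE sources
# as they appear, instead of re-reading the whole file in a busy loop.
monitor_syslog() {
    tail -F "${1:-/var/log/syslog}" | extract_src_ips 'INVALID STATE' | lookup_ips
}

# Offline check against the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | extract_src_ips 'INVALID STATE'
# Live use (needs read access to the log):
#   monitor_syslog /var/log/syslog
```

Running the offline check prints 203.0.113.7 and 2001:db8::1 only: the duplicate third line is suppressed, the non-INVALID STATE line is skipped by the filter, and the malformed SRC=not.an.address is rejected before any whois call. Validation here is deliberately a syntax check, not a reachability or RFC 5952 canonicalisation; its job is to make sure nothing but an address literal becomes a command-line argument.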