
I'm trying to do this task. The purpose of this task is to find bots inside a huge logfile.

Lots of bots logged in to our service. They all do the same thing very quickly: they log in, change password and log off, all within one second. We want to find them in the log.

Also, I want to write a command in bash that will show all profiles meeting the following criteria:

extract specific data from log.txt

user logged in, user changed password, user logged off within the same second (all 3 actions have to be done within 1 second); those actions (log in, change, log off) happened one after another with no other entries in between

fxsciaqulmlk - is a typical profile name from the log file

A small part of the log file:

```
[a lot of data]
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged in| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user changed password| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged off| -
Mon, 22 Aug 2016 13:15:42 +0200|178.57.66.225|faaaaaa11111| - |user logged in| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user changed password| -
Mon, 22 Aug 2016 13:15:49 +0200|178.57.66.215|terdsfsdfsdf| - |user logged off| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user changed password| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged off| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged in| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed password| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed profile| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged off| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user logged in| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user changed password| -
Mon, 22 Aug 2016 13:19:19 +0200|178.56.66.225|fxsciulmla| - |user logged off| -
Mon, 22 Aug 2016 13:20:42 +0200|178.57.67.225|faaaa0a1111| - |user logged in| -
[a lot of data]
```

So I wrote this code:

```bash
#!/bin/bash
log="/home/indra/Desktop/log.txt"
result="/home/indra/Desktop/bots.result"
> $result
while read line; do
 date=`echo "$line" | cut -d' ' -f1-5`
 ip=`echo "$line" | cut -d'|' -f2`
 user=`echo "$line" | cut -d'|' -f3`
 event=`echo "$line" | cut -d'|' -f5`
 echo "date:$date user:$user from ip:$ip $event" >> "$results"
done < "$log"
```

But when I try to run this code I get this message:

```
indra@indra-PC:~$ bash '/home/indra/Desktop/shtry/try3.sh'
/home/indra/Desktop/shtry/try3.sh: line 22: : No such file or directory
```

How to fix this? I'm a beginner in bash.

Ahmedsaber
  • Refer to this post to find out the best way to read from a delimited file: http://stackoverflow.com/questions/9736202/bash-read-tab-separated-file-line-into-array – codeforester Feb 10 '17 at 19:07
  • You are using `$results`, not `$result`, as the name of the output file. – chepner Feb 10 '17 at 19:07
  • Please make sure to check your code through shellcheck.net before posting on SO. You would have caught your mistake right away. – codeforester Feb 10 '17 at 19:09
  • Please delete your Q, as it has no real value to others looking for help with their problems. Thanks and good luck. – shellter Feb 10 '17 at 20:40
  • I clarified your question to make it more sensible. You @Ahmedsaber can still edit it if it is not what you want. – Shakiba Moshiri Feb 10 '17 at 20:43
  • @Ahmedsaber Please **put** the desired **output** of your log file so that guys can help you faster. Also, it is not a hard task to do. It can be done by a single **Perl** on the command line. **Update** your question. – Shakiba Moshiri Feb 10 '17 at 20:46
  • @k-five There is no question here; the problem was a typo. – chepner Feb 10 '17 at 21:08
  • Thanks all. I said my target is "user logged in, user changed password, user logged off within same second (all 3 actions have to be done within 1 second); those actions (log in, change, log off) happened one after another with no other entries in between". This is the output I want, and when I run the code it says "line 22: : No such file or directory" and I don't have any idea what that error is. Just to explain. – Ahmedsaber Feb 11 '17 at 00:51
  • @codeforester I want to extract specific data from log.txt: user login, user changed password, user logged off, within same second. Thanks for the post and https://www.shellcheck.net/, it's very useful. – Ahmedsaber Feb 11 '17 at 01:12

0 Answers
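The detection rule stated in the question (login, password change and logoff for one user on three consecutive lines with the same timestamp), as an added example that is not part of the original post. It assumes the pipe-delimited layout of the excerpt; `find_bots` and `sample_log` are hypothetical names, and a repeated login directly before the triple (the `erdsfsdfsdf` case) is assumed to still count, because the last three lines satisfy the rule.

```bash
#!/bin/bash
# Added example, not the asker's script. Assumes the layout shown in the
# question: timestamp|ip|user| - |event| -   (one event per line).

# find_bots [FILE...]: print, once each, every user whose "logged in",
# "changed password" and "logged off" entries are three consecutive lines
# with the same timestamp (one-second resolution) and the same user name.
# Reads standard input when no file is given.
find_bots() {
  awk -F'|' '
    {
      # Slide a three-line window; "" forces string (not numeric) comparison.
      t1 = t2; u1 = u2; e1 = e2
      t2 = t3; u2 = u3; e2 = e3
      t3 = $1 ""; u3 = $3 ""; e3 = $5
    }
    e1 == "user logged in" && e2 == "user changed password" &&
    e3 == "user logged off" &&
    u1 == u2 && u2 == u3 && t1 == t2 && t2 == t3 && !seen[u3]++ {
      print u3
    }
  ' "$@"
}

# Sample input: lines copied from the log excerpt in the question.
sample_log() {
  cat <<'EOF'
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged in| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user changed password| -
Mon, 22 Aug 2016 13:15:39 +0200|178.57.66.225|fxsciaqulmlk| - |user logged off| -
Mon, 22 Aug 2016 13:15:42 +0200|178.57.66.225|faaaaaa11111| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged in| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user changed password| -
Mon, 22 Aug 2016 13:15:59 +0200|178.57.66.205|erdsfsdfsdf| - |user logged off| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged in| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed password| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user changed profile| -
Mon, 22 Aug 2016 13:17:50 +0200|178.57.66.205|abcbbabab| - |user logged off| -
EOF
}

sample_log | find_bots   # on the real file: find_bots log.txt
```

`abcbbabab` is not reported because the "user changed profile" entry sits between the password change and the logoff.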