


  1. #1

    AWK pattern and Syslog log

    Colleagues, I need to write a script to refine the type of log shown below:

    Jun 5 04:19:31 fw2000 fw2000 dhcpd: Both dynamic and static leases present for 10.0.1.108.
    Jun 5 04:19:31 fw2000 fw2000 dhcpd: Either remove host declaration Alcy or remove 10.0.1.108
    Jun 5 04:19:31 fw2000 fw2000 dhcpd: from the dynamic address pool for 10.0.0.0
    Jun 5 04:19:31 fw2000 fw2000 dhcpd: DHCPREQUEST for 10.0.1.108 from 00:0d:88:9d:b8:05 via eth0
    Jun 5 04:19:31 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.108 to 00:0d:88:9d:b8:05 via eth0
    Jun 5 04:20:32 fw2000 fw2000 dhcpd: Both dynamic and static leases present for 10.0.1.141.
    Jun 5 04:20:32 fw2000 fw2000 dhcpd: Either remove host declaration PrefeituraMunicipal or remove 10.0.1.141
    Jun 5 04:20:32 fw2000 fw2000 dhcpd: from the dynamic address pool for 10.0.0.0
    Jun 5 04:20:32 fw2000 fw2000 dhcpd: DHCPREQUEST for 10.0.1.141 from 00:0f:3d:68:1a:9d via eth0
    Jun 5 04:20:32 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.141 to 00:0f:3d:68:1a:9d via eth0
    Jun 5 04:24:31 fw2000 fw2000 dhcpd: Both dynamic and static leases present for 10.0.1.108.
    Jun 5 04:24:31 fw2000 fw2000 dhcpd: Either remove host declaration Alcy or remove 10.0.1.108
    Jun 5 04:24:31 fw2000 fw2000 dhcpd: from the dynamic address pool for 10.0.0.0
    Jun 5 04:24:31 fw2000 fw2000 dhcpd: DHCPREQUEST for 10.0.1.108 from 00:0d:88:9d:b8:05 via eth0
    Jun 5 04:24:31 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.108 to 00:0d:88:9d:b8:05 via eth0
    Jun 5 04:25:32 fw2000 fw2000 dhcpd: Both dynamic and static leases present for 10.0.1.141.
    Jun 5 04:25:32 fw2000 fw2000 dhcpd: Either remove host declaration PrefeituraMunicipal or remove 10.0.1.141
    Jun 5 04:25:32 fw2000 fw2000 dhcpd: from the dynamic address pool for 10.0.0.0

    This script is for the DHCP log of my firewall, and I needed to know who was online in the last 5 minutes, so I am thinking of writing an AWK script to refine this log, and I would like the output in this format:

    User | IP | MAC | Date/Time


    If anyone can help, I would be very grateful.

  2. #2

    AWK pattern and Syslog log

    grep DH log | awk '{print $9, $11, $1, $2, $3}'
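
An added example, not written by anyone in this thread: the one-liner above extended to produce the `User | IP | MAC | Date/Time` report asked for in the first post, by joining each DHCPACK line to the host name from the matching "Either remove host declaration" line and keeping only ACKs inside a time window. The function names `sample_log` and `dhcp_online` are hypothetical, the reference time is passed as an argument, and the window is assumed not to cross midnight.

```shell
#!/bin/sh
# Added example: list hosts that received a DHCPACK within a time window.
# Field positions assume the layout shown in the thread, where the hostname
# appears twice ("fw2000 fw2000") before "dhcpd:".

# Sample input: lines taken from the log in the first post.
sample_log() {
    cat <<'EOF'
Jun 5 04:19:31 fw2000 fw2000 dhcpd: Either remove host declaration Alcy or remove 10.0.1.108
Jun 5 04:19:31 fw2000 fw2000 dhcpd: DHCPREQUEST for 10.0.1.108 from 00:0d:88:9d:b8:05 via eth0
Jun 5 04:19:31 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.108 to 00:0d:88:9d:b8:05 via eth0
Jun 5 04:20:32 fw2000 fw2000 dhcpd: Either remove host declaration PrefeituraMunicipal or remove 10.0.1.141
Jun 5 04:20:32 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.141 to 00:0f:3d:68:1a:9d via eth0
Jun 5 04:24:31 fw2000 fw2000 dhcpd: DHCPACK on 10.0.1.108 to 00:0d:88:9d:b8:05 via eth0
EOF
}

# dhcp_online LOGFILE "Mon D HH:MM:SS" [WINDOW_SECONDS]   (LOGFILE "-" = stdin)
dhcp_online() {
    awk -v now="$2" -v win="${3:-300}" '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    BEGIN { split(now, n, " "); nsec = secs(n[3]) }
    $6 != "dhcpd:" { next }
    # "Either remove host declaration NAME or remove IP": maps IP to host name.
    $7 == "Either" && $10 == "declaration" { name[$NF] = $11 }
    # "DHCPACK on IP to MAC via IF": the server confirmed the lease.
    $7 == "DHCPACK" {
        if ($1 != n[1] || $2 != n[2]) next   # same calendar day only (assumption)
        age = nsec - secs($3)
        if (age < 0 || age > win) next       # outside the window
        mac[$9] = $11; seen[$9] = $1 " " $2 " " $3   # latest ACK per IP wins
    }
    END {
        for (ip in seen)
            printf "%s | %s | %s | %s\n", (ip in name) ? name[ip] : "unknown", ip, mac[ip], seen[ip]
    }' "$1" | sort
}

sample_log | dhcp_online - "Jun 5 04:25:40"
```

An ACK only shows that a lease was granted or renewed at that time, so the window should be read against the lease renewal interval configured on the server.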



  3. #3
    Fabio_Laé
    Guest

    AWK pattern and Syslog log

    Hey,

    arp -a shows who has communicated with your host in roughly the last 20 minutes. I think that may help you.

    Regards,

    Fabio Laé