-1

Write a script that takes the ongoing date (like Mar 1) as an argument and finds invalid hits coming to the server, and for the next day it will automatically update the date.

I have tried this, but it is not working:

```
d=date "+%h %d"
sudo cat /var/log/secure | grep d | grep Invalid | awk {print $1,$2,$8,$10} | sort | uniq -c
```

It is showing me (`./currentlog.sh: line 32: +%h %e: command not found`), but it is printing Feb 28 invalid as well as Mar 1 invalid user.

Vadim Kotov
  • Please review [homework guidance](https://meta.stackoverflow.com/questions/334822/how-do-i-ask-and-answer-homework-questions) – tripleee Mar 01 '21 at 19:01

1 Answer

0

You have multiple syntax errors here.

  • `d=date` assigns the string `date` to the variable `d` and then attempts to run the token `"+%h %d"` as a command while this assignment is in place. You seem to be looking for `d=$(date "+%h %d")` which runs `date "+%h %d"` and assigns the output to the variable `d`.
  • You then use `grep d` but this will of course grep for the literal string `d`, not the variable.
  • Without quoting, the Awk script will have `$1` replaced with the first argument to the current shell script, `$2` with the second, etc. You are likely to receive a syntax error from Awk unless all these variables happen to contain valid Awk code.
  • You'll also want to avoid those useless `grep`s.

You probably were trying to write something like

```
sudo cat /var/log/secure |
awk -v d="$(date "+%h %d")" '
    /Invalid/ && ($0 ~ d) { print $1,$2,$8,$10}' |
sort | uniq -c
```

In some more detail, we assign the output of `date` to the Awk variable `d` and use the Awk pattern-matching language to only print lines which match this variable and the static pattern `Invalid`.

tripleee
  • `sudo cat /var/log/secure |awk -v d="$(date --date="2 day ago")" '/Invalid/ && ($0 ~ d) {print $1,$2,$8,$10}'| sort | uniq -c` – Abhishek Singh Mar 02 '21 at 05:26
  • Is that a question or an update, or did you just copy/paste into the wrong place? You forgot the format specifier so `date` probably doesn't produce the format you have in the log file. Try `d="$(date --date="2 days ago" +"%h %d")"` (assuming you have GNU `date`; on other platforms, you need a different syntax to specify the day before yesterday). – tripleee Mar 02 '21 at 05:28
  • If you didn't fix the error I pointed out then the reason is that the date you are passing in does not occur in the file at all, in the form you passed it in. That was sort of the reason I pointed it out, as I pointed out. – tripleee Mar 02 '21 at 05:40
  • Is there any common syntax to generate a log of "1 day ago"? I have to edit my script again and again for two-digit dates: for Mar 1 I have to write `sudo cat /var/log/secure |awk -v d="$(date --date="1 days ago" +"%h %e")" '/Invalid/ && ($0 ~ d) {print $1,$2,$8,$10}'| sort | uniq -c` and for Feb 28 I have to write `sudo cat /var/log/secure |awk -v d="$(date --date="1 days ago" +"%h %d")" '/Invalid/ && ($0 ~ d) {print $1,$2,$8,$10}'| sort | uniq -c` – Abhishek Singh Mar 02 '21 at 05:48
  • Are you asking about the date format, `%d` vs `%e`? Again, and/or still, without seeing what your data looks like, it's hard to guess what you are hoping to accomplish. – tripleee Mar 02 '21 at 05:54
  • Yes, I am asking about the date format. I have to write a script that prints the login attempts of invalid users for 1 day ago. As you have said, `d="$(date --date="1 days ago" +"%h %d")"`; here `%d` has the format of 01 for a single-digit date, so I need to replace `%d` with `%e` to follow the format of the /var/log/secure file. I am trying to ask whether there is any common syntax to achieve this in a single command. – Abhishek Singh Mar 02 '21 at 06:17
  • Sounds like you should use `%e` everywhere if that's the date format used in the log. Please ask a new question if you have a new problem, this time ideally with enough details; see also [How to ask.](/help/how-to-ask) – tripleee Mar 02 '21 at 06:32
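
An added example, not code from the question, the answer or the comments: one way to take the day as an argument, format it with `%e` so it matches the space-padded day in syslog timestamps, and anchor the date at the start of each line. It assumes GNU `date` and the usual sshd `Invalid user NAME from IP` layout; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-day count of sshd "Invalid user" attempts (names are illustrative).

# syslog_day [DATE] -> e.g. "Mar  1". %e pads the day with a space, as syslog does;
# %d would give "Mar 01" and match nothing. DATE is any string GNU date -d accepts.
syslog_day() {
    LC_ALL=C date -d "${1:-today}" +"%h %e"
}

# invalid_hits [DATE] < logfile -> "count user ip" lines, most frequent first.
invalid_hits() {
    day=$(syslog_day "$1") || return 1
    awk -v d="$day" '
        # index() == 1 matches the date literally and only at the start of the line
        index($0, d " ") == 1 && $6 == "Invalid" && $7 == "user" {
            if ($9 == "from")      { user = $8;        ip = $10 }
            else if ($8 == "from") { user = "(empty)"; ip = $9  }  # blank username
            else next
            n[user " " ip]++
        }
        END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in /var/log/secure layout (documentation IP ranges).
sample_log() {
    cat <<'EOF'
Feb 28 23:59:01 web1 sshd[2101]: Invalid user admin from 203.0.113.5 port 40022
Mar  1 00:10:12 web1 sshd[2107]: Invalid user admin from 203.0.113.5 port 40188
Mar  1 00:10:15 web1 sshd[2109]: Invalid user admin from 203.0.113.5 port 40190
Mar  1 04:31:40 web1 sshd[2250]: Invalid user test from 198.51.100.7 port 51514
Mar  1 04:32:02 web1 sshd[2251]: Accepted publickey for deploy from 192.0.2.10 port 50100 ssh2
Mar  1 09:00:00 web1 sshd[2300]: Invalid user  from 198.51.100.7 port 51600
Mar 10 01:00:00 web1 sshd[3001]: Invalid user admin from 203.0.113.5 port 41000
EOF
}

sample_log | invalid_hits 2021-03-01
# Real use (log path as in the question): sudo cat /var/log/secure | invalid_hits yesterday
```

Because the day is computed at run time, passing `yesterday` or `"2 days ago"` gives the right string for both single-digit and two-digit days without editing the script.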