LinuxQuestions.org - [Help] Script two look into 2 different logs and action

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - [Help] Script two look into 2 different logs and action (https://www.linuxquestions.org/questions/linux-newbie-8/%5Bhelp%5D-script-two-look-into-2-different-logs-and-action-860715/)

[Help] Script two look into 2 different logs and action

Hi guys

I need someone who can help me in this matter

I have a server with logs running. People connect to server. This server is running the same application as a failover just in case it stops. I have a doubt that some clients are connecting from different places as the nodeID is changed

SO I need to make a script which reads both logs that are called server1.log and server2.log and where it finds a nodeID which does not match in both logs it action with fail2ban

I don't know whether this can be done directly via fail2ban since it is the program which I know that reads between logs but as far as I know it cannot match data with another log

This is an Example:

Code:

Log 1



03:00:08.905 client qwe696s@894b226f7846d9df, running version 2.1



Log 2

03:00:08.905 client qwe696s@894b226f7846d9dd, running version 2.1

Quote:

qwe696s is the username
894b226f7846d9df is the NODEID

AS you can see from the logs nodeid is different

Would really appreciate your help in this matter

Running: Debian 5.0

In essence this looks like fixing symptoms instead of addressing the cause to me. Wouldn't the latter be more efficient? What application are we talking about? Why does the application go down in the first place? Does it hang? Does debug logging show clues? Or it it just buggy? How will you know it's down? Could monitoring (Monit?) process details or an URI help in restarting the application?..

Quote:

Originally Posted by unSpawn (Post 4249074)

This application is tailored named MGfusion. I have not said that it hangs. It works perfect. What I need is a script that will run at a cron to ban users who have different node ID. That simple. I would appreciate if someone can help with a script

Quote:

Originally Posted by morph3u5 (Post 4250048)

I have not said that it hangs. It works perfect.

Ah, so that's why you wrote:

Quote:

Originally Posted by morph3u5 (Post 4248378)

server is running the same application as a failover just in case it stops.

*shrug*

Quote:

Originally Posted by morph3u5 (Post 4250048)

What I need is a script that will run at a cron to ban users who have different node ID. That simple. I would appreciate if someone can help with a script

I'm sure you need it but what have you tried? Post any commands or (pseudo)code you have else have a look at some Bash scripting guides like http://www.tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html , http://www.tldp.org/LDP/Bash-Beginne...tml/index.html and the http://www.tldp.org/LDP/abs/html/ . If log file line items have fixed positions then with 'cut' or 'awk' you can print a field (say 'tailf logfilename 2>/dev/null|awk '{print $3}' 2>/dev/null;'), catch output in a variable, split user name and node, grep the other log for the user name and compare the node. Yes, it's that simple.

Quote:

Originally Posted by unSpawn (Post 4250594)

Ah, so that's why you wrote:

*shrug*

I'm sure you need it but what have you tried? Post any commands or (pseudo)code you have else have a look at some Bash scripting guides like http://www.tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html , http://www.tldp.org/LDP/Bash-Beginne...tml/index.html and the http://www.tldp.org/LDP/abs/html/ . If log file line items have fixed positions then with 'cut' or 'awk' you can print a field (say 'tailf logfilename 2>/dev/null|awk '{print $3}' 2>/dev/null;'), catch output in a variable, split user name and node, grep the other log for the user name and compare the node. Yes, it's that simple.

Can you help with it? Maybe you can give me a sample and I will amend it accordingly please? Cheers boss I don't have a clue in programming

HELP please!!! Any one can help with this script. Thanks in advance