How do I grep my /var/log/secure file for the past 7 days or so many days?
New to Linux (RHEL 5) and wondered how do I grep against my /var/log/secure file to extract the last 7 days or so many days? I've read on the net how to extract a certain date range (example 1 through 15 December) but it would be too much trouble to keep entering the range when I can just get the last week's (or more) of data. A million thanks,
Johnny Mac

Below is a part of my /var/log/secure log.
Sep 7 08:34:25 myhost sshd[6127]: Failed password for illegal user root from 62.75.999.999 port 52663 ssh2
Sep 7 08:34:26 myhost sshd[7253]: User root not allowed because listed in DenyUsers
Sep 7 08:34:28 myhost sshd[7253]: Failed password for illegal user root from 62.75.999.999 port 53393 ssh2
Sep 7 11:55:18 myhost sshd[11672]: Accepted password for gooduser from 98.999.26.41 port 43104 ssh2
Sep 7 23:01:28 myhost sshd[22438]: Did not receive identification string from 999.56.32.999
Sep 8 06:31:30 myhost sshd[21814]: Accepted password for gooduser from 98.999.26.41 port 5978 ssh2
Well, secure should be being rotated weekly if not daily, so they should already be in a limited timescale. On a well managed system, each day /var/log/secure will be compressed at 4am, to secure.1.gz, and a new file created.
As for grepping things regardless, you just need to craft a text string which suits what you want, e.g.
Code:
grep 'Sep [4-6]' /var/log/secure
Rotate Monthly
I rotate monthly, which is why I was wondering if I could extrapolate based on a time-frame, not date.
Code:
date -d "last week"
Code:
# Use like 'greprange 14 /var/log/secure':
If this is about countering brute force logins see fail2ban.
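An added example, not part of the original posts: one way to filter a syslog-style file such as /var/log/secure down to today and the previous N days, using the relative dates that `date -d` accepts. The function name `lastdays` is chosen here, and GNU date is assumed.

```shell
# Added example: lastdays is a name chosen here, not a standard tool.
# Print the lines of a syslog-style file (e.g. /var/log/secure) stamped
# today or on one of the previous DAYS calendar days. Needs GNU date.
# Usage: lastdays 7 /var/log/secure
lastdays() {
    days=$1 file=$2
    case $days in
        ''|*[!0-9]*) echo "usage: lastdays DAYS FILE" >&2; return 2 ;;
    esac
    # Build "Sep 7|Sep 6|..." for each wanted day. LC_ALL=C keeps the month
    # abbreviations in the English form syslog writes; %-d drops padding.
    keys="" i=0
    while [ "$i" -le "$days" ]; do
        keys="$keys$(LC_ALL=C date -d "$i days ago" '+%b %-d')|"
        i=$((i + 1))
    done
    # Compare fields rather than raw text: syslog pads single-digit days with
    # an extra space ("Sep  7"), which a literal grep for "Sep 7" would miss.
    # Syslog timestamps carry no year, so a file holding more than a year of
    # entries would also match last year's lines for the same dates.
    awk -v keys="$keys" '
        BEGIN {
            n = split(keys, k, "|")
            for (j = 1; j <= n; j++) if (k[j] != "") want[k[j]] = 1
        }
        ($1 " " ($2 + 0)) in want
    ' "$file"
}
```

The output can be piped into a further grep, for example `lastdays 7 /var/log/secure | grep 'Failed password'`.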