I am having a problem with this script where it will not terminate
after the appropriate calculations take place.

#!/bin/bash
echo > stat_deny
grep DENY /var/log/messages | cut -d' ' -f12 | cut -d: -f1 > d_pack
cp d_pack d_pack2
da=`wc -l d_pack2 | cut -d'd' -f1`
left=`wc -l d_pack2 | cut -d'd' -f1`
until [ "$left" = 0 ]
do
left=`wc -l d_pack2 | cut -d'd' -f1`
s_ip=`head -n 1 d_pack2`
grep -v $s_ip d_pack2 > d_ex
n_word=`wc -l d_ex | cut -d'd' -f1`
diff=`expr $da - $n_word`
echo "$s_ip was blocked $diff time(s)." >> stat_deny
echo "$s_ip was blocked $diff time(s)."
cp d_ex d_pack2
echo > d_ex
da=`expr $da - $diff`
done


I am using RH7.0
Pentium 2 350Mhz
with bash-2.04-11

The first script i posted isn't the partional working model.
This one will do the calcualtions correctly but not terminate.

#Major Variables
#
# da --line count of d_pack
# s_ip --stopped ip address in log
# left --number of lines left in d_pack2
# diif --since I inverse grep a file I compare the line # counts between the before grep and after grep
# Files
# d_pack -- copy of /var/log/messages grepped for string # DENY
# d_pack2 -- actual file manipulated in script
# stat_deny -- the statitistics ogf the blocked ip addresses


#!/bin/bash
echo > stat_deny
grep DENY /var/log/messages | cut -d' ' -f12 | cut -d: -f1 > d_pack
cp d_pack d_pack2
da=`wc -l d_pack2 | cut -d'd' -f1`
function weedout()
{
s_ip=`head -n 1 d_pack2`
grep -v $s_ip d_pack2 > d_ex
n_word=`wc -l d_ex | cut -d'd' -f1`
diff=`expr $da - $n_word`
echo "$s_ip was blocked $diff time(s)." >> stat_deny
echo "$s_ip was blocked $diff time(s)."
cp d_ex d_pack2
echo > d_ex
da=`expr $da - $diff`
}
left=`wc -l d_pack2 | cut -d'd' -f1`
while [ "0" -lt $left ]
do
weedout
done

Nice script.

The reason your script does not stop is because you never decrement you test variable $left. If you add that line to the end of your function then it works correctly.

I noticed that you most of your file names began with d_. I'm guess you did this because you needed to cut out the d_ from the output of wc? Is that correcet? You could also cut it out with the following line.
This way you can name your files whatever you wanted.

Noticing how long the script took to execute. ( I have a P100) I took a stab at a possibly faster way to do this. My method was about 10 seconds faster on my machine with my given data set; however, it seems to be more costly if there are many hits from one IP.

Gary

Well for one thing the question about the file naming was right,
but actually the d_ stood for (deny) as in denied packets.

Your script works the same as mine but it still will not terminate.
I think something is wrong on my end, any ideas?

I never heard of the sort command before that would have saved my some time in writing this script.

If you could help with the termination problem I could finally finish the script.

Thanks for you help.

Don't know why it will not terminate. Both scripts ended find on my box. Try limiting your data to just a few lines of DENY(s) from messages and execute the script in debug mode.

sh -x scriptname.sh

This will allow you to see the progression of all the variables, including your termination condition.


Gary

You were (write) your script worked fro me when i limited it to
< 200 DENY's. Apparently the script was hanging on an ip with 4444 DENY's (LOL)

Thnaks for oyur help.