tail with -f switch

yongitz · 12-18-2006, 03:45 AM

Hi guys! I have a problem with the piece of code below:

I am confused as to what could be the problem because it simply won't work when I use this in a script but when I type this directly on the command line then this script works as expected. I need your help to make this work.. Thanks!

Code:

tail -f /var/log/messages |  awk '/Invalid user/ {print $10}'

druuna · 12-18-2006, 03:58 AM

Hi,

Could you post the script you are using? I ask because the following seems to work:

Code:

 #!/bin/bash

tail -f /var/log/allmessages | awk '/stasis login/ { print $6 }'

This code snippet prints the name of the user that logs in.

yongitz · 12-18-2006, 04:15 AM

Sorry I did miss something... this is the actual code I'm using..

abc=$(tail -f /var/log/messages | awk '/Invalid user/ {print $10}')

I tried the -n switch as a replacement and it works but that is not what I need. I need to follow the logs and make some action to it.

druuna · 12-18-2006, 04:20 AM

Hi,

Tail -f is a continuously running process, you cannot put that into a variable.
You could redirect the output to a file, regularly check this file for changes and act accordingly. This can be done from one script.

Hope this helps.

yongitz · 12-18-2006, 04:29 AM

Thanks druuna! I guess my purpose is going to be defeated if that's the case...

I need to use it for auto blocking the IP of those who are trying to get in my ssh server. Though I can do it through cron maybe run it every minute but I want a real time scan of those attempts and block them automatically. Well, thanks again for your time..

zefo · 12-18-2006, 04:23 PM

shorewall firewall may do this automatically for you. check it out. /joe

chrism01 · 12-18-2006, 06:42 PM

You could pipe the output into your cmd for doing the blocking.

osor · 12-18-2006, 07:06 PM

There are tons of better methods for your purpose, most of which have already been discussed here at LQ (my favorite is the iptables-recent module).

AnanthaP · 12-19-2006, 03:50 AM

what is the significance of print $10? In the cdorrectly working example of drunna, it is printing $6, the sixth variable of every line returned by tail.