
windstory 02-14-2012 04:00 AM

awk error
I've got this code but it shows an error message.



days=`date +%d`
hour=`date +%H`
minget=`date +%M`
min=`expr substr $minget 1 1`

printf "%sdays tried to connect to Server checking...\n" $days

for i in $(cat /var/log/messages | grep "no such user" | awk '$2 == 30 {print $3 $7}' | awk '{print $1 $3}' | awk -F: 'substr($1, 1, 2)=="'"${hour}"'" && substr($2,1,1)=='"${min}"' {print $1 $2 $3}'| awk -F['{print $2}' | awk -F] '{print $1}' |uniq -c| awk '$1 >='"${num}"' {print($2)}')
                iptables -A INPUT -s $i -j DROP
                echo "The attacker's IP is $i" |  mail -s "Server login script kid was detected!"

error message:


awk: fatal: Unmatched [ or [^: /[{print $2}/
Please let me know how to work this code.

Thanks in advance.

acid_kewpie 02-14-2012 04:07 AM

well as the error clearly states, there is an unmatched square bracket:


awk -F['{print $2}'
it won't be matched by the one in

awk -F] '{print $1}'
as there is a pipe in the middle, making them two separate bash commands.

Oh, actually you want to use those as the field delimiters... well as below, I would suggest starting from scratch really, but escape them with a \ first... -F\[ or -F'[' should also work.

grail 02-14-2012 07:14 AM

Personally I think you need to completely revise your current string of commands. The repetitive nature of calling awk after awk is definitely not required.

Perhaps you could show some of your data and what it is you need to capture?

For example:

awk '$2 == 30 {print $3 $7}' | awk '{print $1 $3}'
If the first awk only prints 2 items, how is the second to print the first and third??

windstory 02-14-2012 09:30 PM


Please understand I am not a programmer and did not make this code. I found it at some webpage - which I forgot now - this code works to clean "/var/log/messages" file periodically.

acid_kewpie 02-15-2012 03:16 AM

No it doesn't work at all! what's the webpage?

That REALLY is not programming though... it's pretty simple sysadmin stuff.

windstory 02-19-2012 03:34 AM

acid kewpie/

The webpage is here:

grail 02-19-2012 07:03 AM

Well without being able to understand the Korean portions of the page, the line would still not work even for the original user for reasons I have already said.

How about we go back to where you explain what it is you need to be retrieving from /var/log/messages and show an example and we can help you with something that will work?

windstory 02-20-2012 03:19 AM


Thanks for your concerns.

Please understand, the author of this code said:

For preventing hackers trying to connect to ftp repeatedly, this code reads /var/logs/message and stores data and the number of times some ftp tries to connect to the server without permission - with wrong id and password.
And this code writes down the ftp ip which tried to connect with wrong information, and automatically bans the ftp ip from the ftp port if the ftp ip tries over "num" tries.

After I read this post, I thought if so this would be great for my server's security.

grail 02-20-2012 03:34 AM

The theory sounds good but as I and others have pointed out, the current code will not work irrespective of the intended solution.

windstory 02-22-2012 06:01 PM

grail/ I appreciate your kindness.
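
Added example, not part of the original thread or of the script the poster found: what the pipeline is described as doing (count failed FTP logins per source address and list those that reach "num") written as a single awk pass. The log format is an assumption (ProFTPD-style syslog lines, constructed below), and failed_ftp_ips and sample_log are names made up for this example.

```shell
#!/bin/sh
# Constructed sample lines in an ASSUMED ProFTPD-style syslog format.
# The fifth line carries a user name that itself contains "[address]".
sample_log() {
cat <<'EOF'
Feb 14 04:00:01 srv proftpd[2101]: srv (203.0.113.5[203.0.113.5]) - USER admin: no such user found from 203.0.113.5 [203.0.113.5] to 192.0.2.10:21
Feb 14 04:00:03 srv proftpd[2102]: srv (203.0.113.5[203.0.113.5]) - USER test: no such user found from 203.0.113.5 [203.0.113.5] to 192.0.2.10:21
Feb 14 04:00:05 srv proftpd[2103]: srv (203.0.113.5[203.0.113.5]) - USER root2: no such user found from 203.0.113.5 [203.0.113.5] to 192.0.2.10:21
Feb 14 04:01:10 srv proftpd[2110]: srv (198.51.100.7[198.51.100.7]) - USER guest: no such user found from 198.51.100.7 [198.51.100.7] to 192.0.2.10:21
Feb 14 04:02:00 srv proftpd[2111]: srv (198.51.100.7[198.51.100.7]) - USER x[192.0.2.99]: no such user found from 198.51.100.7 [198.51.100.7] to 192.0.2.10:21
Feb 14 05:00:00 srv proftpd[2200]: srv (203.0.113.5[203.0.113.5]) - USER admin: no such user found from 203.0.113.5 [203.0.113.5] to 192.0.2.10:21
EOF
}

# failed_ftp_ips NUM [DAY [HOUR]]
# Reads log lines on stdin, prints each source IP with >= NUM failures.
# DAY and HOUR (as printed by `date +%d` / `date +%H`) are optional filters.
failed_ftp_ips() {
    awk -v num="$1" -v day="${2:-}" -v hour="${3:-}" '
    /no such user/ {
        # Numeric compare, so "05" from date matches " 5" in syslog.
        if (day != "" && $2 + 0 != day + 0) next
        if (hour != "" && substr($3, 1, 2) != hour) next
        # The user name is chosen by the remote side, so only trust the
        # text after the LAST copy of the phrase the daemon writes itself.
        rest = $0
        if (!sub(/.*no such user found from /, "", rest)) next
        # Accept only a bracketed dotted-quad; anything else is ignored.
        if (match(rest, /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
            ip = substr(rest, RSTART + 1, RLENGTH - 2)
            count[ip]++
        }
    }
    END { for (ip in count) if (count[ip] >= num) print ip }
    ' | sort
}

# Stand-alone run on the constructed sample, threshold 3.
sample_log | failed_ftp_ips 3
```

The function only prints candidate addresses, so the list can be reviewed (and known-good addresses excluded) before any of it reaches a firewall rule.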
