LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Using two greps in same line (https://www.linuxquestions.org/questions/linux-newbie-8/using-two-greps-in-same-line-4175512757/)

skoda 07-30-2014 12:14 PM
Using two greps in same line
 
Hello,

is this a valid statement?

Quote:
cat /usr/local/cpanel/logs/session_log | grep "NEW .*app=cpaneld" | grep xxx.xxx.xxx.xxxx.
*xxx are ip octets

but it produces the result expected.

Spatior 07-30-2014 12:16 PM
Hi skoda,

sure is a valid expression, althoug some may say it's not efficient, but that depends on how much data you are greping.

question:
you are getting the data you need? i got confused in your last statement

szboardstretcher 07-30-2014 12:17 PM
Looks fine, except for the additional x in your final ip address octet, and the useless use of cat.

Code:
grep "NEW .*app=cpaneld" /usr/local/cpanel/logs/session_log | grep xxx.xxx.xxx.xxx
or if you don't mind the mess:

Code:
grep "NEW .*xxx.xxx.xxx.xxx.*app=cpaneld" /usr/local/cpanel/logs/session_log

skoda 07-30-2014 12:28 PM
Quote:
Originally Posted by szboardstretcher (Post 5212059)
Looks fine, except for the additional x in your final ip address octet, and the useless use of cat.

Code:
grep "NEW .*app=cpaneld" /usr/local/cpanel/logs/session_log | grep xxx.xxx.xxx.xxx
Hai zsb...

Quote:
grep xxx.xxx.xxx.xxxx.
this actually represent an ip address of a hacker. just wanna know how many cpanel accounts he accessed.

thanks for the comment btw.

---------- Post added 07-30-14 at 12:29 PM ----------

Quote:
Originally Posted by szboardstretcher (Post 5212059)
Looks fine, except for the additional x in your final ip address octet, and the useless use of cat.

Code:
grep "NEW .*app=cpaneld" /usr/local/cpanel/logs/session_log | grep xxx.xxx.xxx.xxx
Thanks for the verification.

szboardstretcher 07-30-2014 12:33 PM
If this is a hacker,. very first thing to do is remove the box from the network. Then go through your backup/restore, root-cause, fix/patch/update, verification routine before putting it back in service.

You can head over to http://www.linuxquestions.org/questi...ux-security-4/ for help root-causing the attack vector and getting advice. Unspawn is the moderator there and he knows his stuff. Check his stickies out on the subject.

skoda 07-30-2014 12:35 PM
Quote:
Originally Posted by szboardstretcher (Post 5212068)
If this is a hacker,. very first thing to do is remove the box from the network. Then go through your backup/restore, root-cause, fix/patch/update, verification routine before putting it back in service.

You can head over to http://www.linuxquestions.org/questi...ux-security-4/ for help root-causing the attack vector and getting advice. Unspawn is the moderator there and he knows his stuff. Check his stickies out on the subject.
undestood!


All times are GMT -5. The time now is 11:35 PM.