I've been dealing with the output of logcheck pretty regularly lately
and finally got to the point where I wanted to automate what I was
sporadically doing by hand. It turned out to be surprisingly easy and
surprisingly short:

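#!/bin/bash
# Pull field 8 from the getport/dump lines in the file given as $1, de-duplicate, and resolve each.
grep -E "(getport|dump)" "$1" | cut -f 8 -d ' ' | sort -u | nslookup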

Which seems pretty obvious to me now but wouldn't have been not so very
long ago... Unix is fun.

My next step is to see if I can get the script to recognize when it gets a
hit from the nslookup and then perform the whois search and give me a
nicely formatted output with the technical contact's email at the top, the
hostname and IP address of the offending box, and the relevant lines from
the original logcheck email. Suggestions are welcome.

Larry Price      |  "We have seen the truth.
[EMAIL PROTECTED]  |   And the truth makes no sense." -chesterton
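
One way to build the report described in the message above, as an added example that is not part of the original post. It assumes `host` in place of `nslookup` (its output is easier to parse), a whois query by IP address, and that the contact sits on a line containing "tech" or "abuse", which varies by registry; the `RESOLVE`/`WHOIS` hooks and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example. RESOLVE and WHOIS are hypothetical hooks so lookups can be stubbed.
RESOLVE=${RESOLVE:-resolve_host}
WHOIS=${WHOIS:-whois}

# Unique source addresses, using the same field-8 extraction as the one-liner.
offenders() {
    grep -E "(getport|dump)" "$1" | cut -f 8 -d ' ' | sort -u
}

# Reverse lookup; prints nothing when the address has no PTR record.
resolve_host() {
    host "$1" 2>/dev/null |
        awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; exit }'
}

# First e-mail address on a tech/abuse line of the whois output, if any (assumed layout).
tech_contact() {
    "$WHOIS" "$1" 2>/dev/null | grep -iE 'tech|abuse' |
        grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | head -n 1
}

# One block per resolvable address: contact, host and IP, then its log lines.
report() {
    local log=$1 ip name contact
    for ip in $(offenders "$log"); do
        name=$("$RESOLVE" "$ip")
        [ -n "$name" ] || continue   # no lookup hit: skip whois, as the post describes
        contact=$(tech_contact "$ip")
        printf 'Contact: %s\nHost:    %s (%s)\n' "${contact:-unknown}" "$name" "$ip"
        grep -E "(getport|dump)" "$log" | grep -F -- " $ip " | sed 's/^/    /'
        echo
    done
}

# Offline demo: constructed log lines (documentation addresses) and stubbed lookups.
demo() {
    local log; log=$(mktemp)
    printf '%s\n' \
        'Mar 12 04:12:01 gw portmap[211]: connect from 192.0.2.10 to getport(nfs)' \
        'Mar 12 04:12:09 gw portmap[211]: connect from 192.0.2.10 to dump()' \
        'Mar 12 05:40:33 gw portmap[211]: connect from 198.51.100.7 to getport(mountd)' > "$log"
    stub_resolve() { case $1 in 192.0.2.10) echo scanner.example.net ;; esac; }
    stub_whois() { echo 'OrgTechEmail: noc@example.net'; }
    RESOLVE=stub_resolve WHOIS=stub_whois report "$log"
    rm -f "$log"
}

if [ $# -gt 0 ]; then report "$1"; else demo; fi
```

Run with a saved logcheck mail as the first argument for live lookups; with no argument it prints the report for the constructed sample.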