On Mon, Jun 25, 2001 at 11:39:23PM -0700, larry a price wrote:
>
>I've been dealing with the output of logcheck pretty regularly lately
>and finally got to the point where I wanted to automate what I was
>sporadically doing by hand. It turned out to be surprisingly easy and
>surprisingly short:
>
>#!/bin/bash
>egrep "(getport|dump)" "$1"|cut -f 8 -d ' '|sort|uniq|nslookup
>
>which seems pretty obvious to me now but wouldn't have been not so very
>long ago... unix is fun

You can save yourself a pipe by replacing sort|uniq with sort -u.

>
>My next step is to see if I can get the script to recognize when it gets a
>hit from the nslookup and then perform the whois search and give me a
>nicely formatted output with the technical contact's email at the top, the
>hostname and IP address of the offending box, and the relevant lines from
>the original logcheck email. Suggestions are welcome.
>

You could use host instead of nslookup. If it doesn't get a hostname it
exits with an error status, and then you could use some sort of checking
on error status (&& or something) to toggle the rest of the script with
the report formatting... It has the problem that it doesn't accept
standard input, so you will need to pass the target address as a variable
or something like that.

-- 
Yes, we ARE a bunch of anal, short-tempered, quick to fly-off-the-handle, 
sarcastic, know-it-alls.  That's what running networks does to you.

                                - James Fischer on inet-access
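
The suggestion in the reply above (branch on the exit status of host, passing each address as an argument), written out as an added example that is not part of the original thread. RESOLVE_CMD and the function names are hypothetical, and the log lines are constructed samples using documentation addresses.

```shell
#!/bin/sh
# Added example. RESOLVE_CMD is a hypothetical override hook so the
# lookup can be stubbed offline; by default it runs host(1).
: "${RESOLVE_CMD:=host}"

# Constructed sample lines, shaped so that the source address is
# field 8, as the one-liner in the thread expects.
sample_log() {
    cat <<'EOF'
Jun 25 23:01:02 gw portmap[312]: connect from 192.0.2.10 to getport(status)
Jun 25 23:01:09 gw portmap[312]: connect from 192.0.2.10 to dump()
Jun 25 23:04:41 gw portmap[312]: connect from 198.51.100.7 to getport(nfs)
Jun 25 23:05:00 gw sshd[400]: Accepted publickey for admin from 203.0.113.5
EOF
}

# Same extraction as the thread's pipeline, with sort -u.
extract_addrs() {
    grep -E '(getport|dump)' "$1" | cut -f 8 -d ' ' | sort -u
}

report() {
    extract_addrs "$1" | while read -r addr; do
        # Log fields are untrusted input: only pass on strings made of
        # digits and dots (IPv4 only), so nothing that looks like an
        # option or shell syntax reaches the resolver.
        case $addr in ''|*[!0-9.]*) continue ;; esac
        # host takes the address as an argument and exits non-zero
        # when no name is found, so the exit status picks the branch.
        if name=$($RESOLVE_CMD "$addr" 2>/dev/null); then
            printf 'RESOLVED %s\n  %s\n' "$addr" "$name"
            # Relevant lines from the original log for this address.
            grep -F -- "$addr" "$1" | sed 's/^/  log: /'
        else
            printf 'UNRESOLVED %s\n' "$addr"
        fi
    done
}

# Run against a log file when one is given on the command line.
if [ "$#" -gt 0 ]; then report "$1"; fi
```

A whois lookup and the report formatting would go in the RESOLVED branch, where the address is already validated.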
