On Tue, 3 May 2011 16:41:40 +0000, [email protected] wrote:
Hello,

Does anyone know of a quick way to run through all the OSSEC alert
log data, and extract all alerts over level 12 severity rating,
dumping them into a file?  Thanks!

Kudos to Jeremy for the interesting arguments to grep! I never knew about those. And here's my over-engineered solution, just for fun. :)

grep -E -B2 -A3 "^Rule: [0-9]{1,6} \(level 12\) -> '.*'\$" logs/alerts/alerts.log | sed 's/^--$/ /'

--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
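A more general take on the same filter, added here as an example and not part of the thread: instead of a fixed -B/-A window around the "Rule:" line, it relies on alerts.log separating alerts with a blank line and selects every complete alert block whose "(level N)" is at or above a minimum, which also covers the "over level 12" reading of the question. The sample log is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): pull whole OSSEC alert blocks at or
# above a minimum level. alerts.log separates alerts with a blank line, so awk's
# paragraph mode selects complete records however many lines each has, instead
# of a fixed -B/-A window around the "Rule:" line.

# Usage: ossec_alerts_min_level MIN_LEVEL [ALERT_LOG]  (reads stdin without a file)
ossec_alerts_min_level() {
    min="$1"; shift
    awk -v min="$min" '
        BEGIN { RS = ""; ORS = "\n\n" }        # one record per blank-line-separated alert
        /^\*\* Alert/ && match($0, /\(level [0-9]+\)/) {
            lvl = substr($0, RSTART + 7, RLENGTH - 8) + 0   # "(level NN)" -> NN
            if (lvl >= min) print
        }' "$@"
}

# Number of alert blocks in the constructed sample at or above MIN_LEVEL.
count_sample_alerts() {
    printf '%s\n' "$SAMPLE_LOG" | ossec_alerts_min_level "$1" | grep -c '^\*\* Alert'
}

# Constructed sample in alerts.log format; hosts, IPs, rule ids and messages are made up.
SAMPLE_LOG=$(cat <<'EOF'
** Alert 1304440900.1: - syslog,sshd,
2011 May 03 16:41:40 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.0.2.10
May  3 16:41:39 web01 sshd[2211]: Failed password for invalid user bob from 192.0.2.10 port 4021 ssh2

** Alert 1304440960.2: mail  - syslog,sshd,authentication_failures,
2011 May 03 16:42:40 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'
Src IP: 192.0.2.10
May  3 16:42:39 web01 sshd[2230]: Failed password for invalid user bob from 192.0.2.10 port 4055 ssh2
May  3 16:42:39 web01 sshd[2231]: Failed password for invalid user bob from 192.0.2.10 port 4056 ssh2

** Alert 1304441000.3: mail  - ossec,rootcheck,
2011 May 03 16:43:20 (web01) 10.0.0.5->rootcheck
Rule: 510 (level 12) -> 'Host-based anomaly detection event (rootcheck).'
Process '4242' hidden from /proc (constructed message).
EOF
)

# Stand-alone demo: print only the level 12 (and higher) alerts from the sample.
printf '%s\n' "$SAMPLE_LOG" | ossec_alerts_min_level 12
```

Run it against a real file with `ossec_alerts_min_level 12 /var/ossec/logs/alerts/alerts.log > high.txt`; the blocks come out intact, including the log lines that triggered each rule.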