On Tue, 03 May 2011 17:37:59 -0500, Michael Starks
<[email protected]> wrote:
On Tue, 3 May 2011 16:41:40 +0000, [email protected] wrote:
Hello,
Does anyone know of a quick way to run through all the OSSEC alert
log data, and extract all alerts over level 12 severity rating,
dumping them into a file? Thanks!
Kudos to Jeremy for the interesting arguments to grep! I never knew
about those. And here's my over-engineered solution, just for fun. :)
grep -E -B2 -A3 "^Rule: [0-9]{1,6} \(level 12\) -> '.*'\$" logs/alerts/alerts.log | sed 's/^--$/ /'
Whoops, you said all *over* level 12 (I am assuming you also want level
12), so this modification is necessary:
grep -E -B2 -A3 "^Rule: [0-9]{1,6} \(level 1[2345]\) -> '.*'\$" logs/alerts/alerts.log | sed 's/^--$/ /'
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
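A record-based variant of the same extraction, added here as an example and not code from the thread or from OSSEC itself: it treats alerts.log as blank-line-separated records (assumed layout: each record starts with `** Alert` and carries one `Rule: <id> (level <n>) -> '...'` line) and compares the level numerically, so a level-12 alert that quotes five log lines comes out whole instead of being cut at the -A3 window, and no regex has to enumerate the digits 12 to 15. The alert records inside write_sample_log are constructed for the demo; the rule IDs (local-rule range) and descriptions there are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Pull whole OSSEC alert records whose rule
# level is at or above a threshold, by treating alerts.log as blank-line-separated
# records instead of relying on a fixed -B/-A line window (which truncates alerts
# that carry more than three trailing lines, e.g. frequency rules quoting several
# log lines). Assumed layout: each record starts with "** Alert" and contains a
# "Rule: <id> (level <n>) -> '<description>'" line.

# extract_alerts FILE MINLEVEL
#   Prints every record in FILE whose level is >= MINLEVEL, blank-line separated.
extract_alerts() {
    awk -v min="$2" '
        BEGIN { RS = ""; ORS = "\n\n" }          # paragraph mode: one record per alert
        match($0, /\(level [0-9]+\)/) {
            # RSTART points at "(", so skip "(level " (7 chars) and drop the ")"
            lvl = substr($0, RSTART + 7, RLENGTH - 8) + 0
            if (lvl >= min) print
        }' "$1"
}

# count_alerts FILE MINLEVEL
#   Number of records extract_alerts would print (prints 0 and exits 0 when none).
count_alerts() {
    extract_alerts "$1" "$2" | awk '/^\*\* Alert/ { n++ } END { print n + 0 }'
}

# write_sample_log
#   Writes a constructed alerts.log (not real OSSEC output; rule IDs and texts are
#   made up) to a temp file and prints its path. Levels present: 5, 10, 7, 12, 15.
write_sample_log() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
** Alert 1304436123.12345: - syslog,sshd,authentication_failed,
2011 May 03 11:22:03 host->/var/log/auth.log
Rule: 100001 (level 5) -> 'SSHD authentication failed (sample).'
Src IP: 203.0.113.5
User: root
May  3 11:22:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 4321 ssh2

** Alert 1304436190.12400: mail  - syslog,sshd,authentication_failures,
2011 May 03 11:23:10 host->/var/log/auth.log
Rule: 100002 (level 10) -> 'Multiple SSHD authentication failures (sample).'
Src IP: 203.0.113.5
May  3 11:23:08 host sshd[1240]: Failed password for root from 203.0.113.5 port 4322 ssh2
May  3 11:23:09 host sshd[1241]: Failed password for root from 203.0.113.5 port 4323 ssh2

** Alert 1304436250.12500: mail  - ossec,rootcheck,
2011 May 03 11:24:10 host->rootcheck
Rule: 100003 (level 7) -> 'Host-based anomaly detection event (sample).'
File '/tmp/.x' is owned by root and has written permissions to anyone.

** Alert 1304436300.12600: mail  - syslog,attacks,
2011 May 03 11:25:00 host->/var/log/auth.log
Rule: 100004 (level 12) -> 'Multiple failures followed by a success (sample).'
Src IP: 203.0.113.5
User: root
May  3 11:24:55 host sshd[1250]: Failed password for root from 203.0.113.5 port 4330 ssh2
May  3 11:24:57 host sshd[1251]: Failed password for root from 203.0.113.5 port 4331 ssh2
May  3 11:24:59 host sshd[1252]: Accepted password for root from 203.0.113.5 port 4332 ssh2

** Alert 1304436400.12700: mail  - syslog,sshd,authentication_success,
2011 May 03 11:26:40 host->/var/log/auth.log
Rule: 100005 (level 15) -> 'Root login from an unexpected address (sample).'
Src IP: 198.51.100.9
User: root
May  3 11:26:39 host sshd[1260]: Accepted publickey for root from 198.51.100.9 port 5000 ssh2
EOF
    printf '%s\n' "$f"
}

# Usage: sh extract_alerts.sh logs/alerts/alerts.log 12
if [ -n "${1:-}" ]; then
    extract_alerts "$1" "${2:-12}"
fi
```

With the sample file, a threshold of 12 yields the level-12 and level-15 records in full, including all three quoted sshd lines of the level-12 alert that the grep -A3 window would have dropped; a threshold of 10 adds the level-10 record. The awk paragraph mode relies on the blank line between records, which is how OSSEC writes alerts.log, so a truncated or concatenated log would need the separator restored first.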