Ubuntu – How to use syslog for other output (show up with whois query)

bash command-line networking

There is a log file /var/log/syslog with the output of IP addresses, e.g. SRC=10.158.0.1.

I want to scan this file for every printed address in SRC= ... and then make a whois query for it (SRC= ...).

This query should be monitored.

My attempt is wrong and looks like this in a bash script:

#!/bin/bash

while [ 1 ]
do
    grep 'SRC=ip-address' /var/log/syslog >> /home/$user/topsecret001/pitbull001.txt;
    whois 'SRC=ip-address' >> /home/$user/topsecret001/pitbull002.txt;
done

Can somebody help with a trick? How should I define ip-address and how can I use the whois command with this ip-address?

The output of /var/log/syslog looks like this snippet here:

http://paste.ubuntu.com/5859332/

The output of /var/log/syslog looks like this when there is a little alert (like today):

http://paste.ubuntu.com/5862958/

The idea would also be to perform a whois query only if "invalid state" pops up in a line of the scrolling syslog.


Thank you for your contributions. I have learnt something from your code. Often the solutions look easier than expected, like here, because I thought it would be more difficult. I think with the recent contribution of enzotib this question is solved now.


See the new comment of today (22nd June 2016) referring to 16.04:

Because this bash script was from the times of IPv4: does /etc/sysctl.conf then need to be un-commented to enable IPv4, and would this script then run? Otherwise there is no whois output any more like before. I have checked this by uncommenting line 28 and line 33 of /etc/sysctl.conf; then the bash script in this thread would work, but deliver very little output because the provider has enabled a firewall (because of the no-spy act?). In this way, by this addition of 22nd June 2016, this thread is updated for 16.04.

Best Answer

Yet another solution:

awk '{ 
      for (i = 1; i <= NF; i++) 
        if ($i ~ /^SRC=/) 
          print substr($i, 5) 
    }' /var/log/syslog |
  sort -u |
  while read ip; do
    printf ' === %s ===\n' "$ip"
    whois "$ip"
  done

If you only want to select lines of syslog containing the string INVALID STATE, then the above code can be modified as follows:

awk '/INVALID STATE/ { 
      for (i = 1; i <= NF; i++) 
        if ($i ~ /^SRC=/) 
          print substr($i, 5) 
    }' /var/log/syslog |
  sort -u |
  while read ip; do
    printf ' === %s ===\n' "$ip"
    whois "$ip"
  done
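The same extract-dedupe-lookup pipeline as the answer above, packaged as functions and run against constructed sample log lines so it can be tried without a real /var/log/syslog. This is an added example, not code from the original answer. It goes one step beyond the answer in two ways: the line filter is a parameter (an empty pattern means every line, `INVALID STATE` reproduces the second variant), and each extracted value is checked to be a dotted-quad IPv4 address before it is handed to a command, because a field pulled out of a log file is not guaranteed to be an address. The `WHOIS_CMD` variable is an assumption introduced here so the lookup can be stubbed with `echo` for a dry run; by default it calls the real `whois`.

```shell
#!/bin/sh
# Added example: extract SRC= addresses from firewall-style syslog lines,
# optionally only from lines matching a pattern, dedupe them, validate them
# as IPv4 and look each one up with whois.

# Constructed sample log lines (addresses are documentation ranges, made up for the example).
SAMPLE_LOG='Jun 22 10:00:01 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=10.158.0.2 PROTO=TCP SPT=4444 DPT=22
Jun 22 10:00:02 host kernel: [UFW AUDIT] IN=eth0 OUT= SRC=198.51.100.23 DST=10.158.0.2 PROTO=TCP
Jun 22 10:00:03 host kernel: INVALID STATE IN=eth0 OUT= SRC=198.51.100.23 DST=10.158.0.2 PROTO=TCP
Jun 22 10:00:04 host kernel: INVALID STATE IN=eth0 OUT= SRC=not-an-ip;rm DST=10.158.0.2 PROTO=TCP
Jun 22 10:00:05 host kernel: INVALID STATE IN=eth0 OUT= SRC=192.0.2.250 DST=10.158.0.2 PROTO=UDP'

# extract_src PATTERN: read log lines on stdin, keep those matching PATTERN
# (an awk regex; empty matches everything), print unique SRC= values.
extract_src() {
    awk -v pat="$1" '
        pat == "" || $0 ~ pat {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/)
                    print substr($i, 5)
        }' | sort -u
}

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        { exit 0 }'
}

# lookup_sources PATTERN: whois every valid SRC address from matching lines.
# WHOIS_CMD (assumed variable, default "whois") lets the lookup be stubbed.
lookup_sources() {
    extract_src "$1" | while IFS= read -r ip; do
        if is_ipv4 "$ip"; then
            printf ' === %s ===\n' "$ip"
            ${WHOIS_CMD:-whois} "$ip"
        else
            printf 'skipping malformed SRC value: %s\n' "$ip" >&2
        fi
    done
}

# Dry run over the sample: all lines, then only INVALID STATE lines, with whois stubbed.
printf '%s\n' "$SAMPLE_LOG" | WHOIS_CMD=echo lookup_sources ''
printf '%s\n' "$SAMPLE_LOG" | WHOIS_CMD=echo lookup_sources 'INVALID STATE'
```

Against a real log, replace the `printf` with `cat /var/log/syslog` (or a rotated copy). Because `sort -u` has to see all of its input before it prints, this pipeline is meant for a finished file run from cron or by hand, not for a `tail -F` stream.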