Tuesday, October 29, 2013

Searching Log Files for a List of IP Addresses

Tried to create a script that would be a little more efficient than greping one IP Address at a time from a long list provided:

#!/bin/bash

# Tried to make searching through logs more efficient with this script by batching the grep statements
arrayIPAddr=()
while read line
do
        arrayIPAddr+=("$line")
        arrayIPSize=${#arrayIPAddr[@]}
        # Only issue is the last 1 to 14 records will not be looked at due to the hard cutoff at 15
        if [ $arrayIPSize == 15 ]; then

                cat logfile.txt | grep -e ${arrayIPAddr[0]} -e ${arrayIPAddr[1]} -e ${arrayIPAddr[2]} -e ${arrayIPAddr[3]} -e ${arrayIPAddr[4]}  -e ${arrayIPAddr[5]} -e ${arrayIPAddr[6]} -e ${arrayIPAddr[7]} -e ${arrayIPAddr[8]} -e ${arrayIPAddr[9]}  -e ${arrayIPAddr[10]} -e ${arrayIPAddr[11]} -e ${arrayIPAddr[12]} -e ${arrayIPAddr[13]} -e ${arrayIPAddr[14]}
                arrayIPAddr=()

        fi

done < "ipList.txt"


As far as results, with this I was able to cut the amount of time it took down to 5 seconds to search the log.  Thought this would be a helpful script to hold onto for future reference.

No comments:

Post a Comment

Docker - Quick Notes and How To

For an ethical hacking class that I will be teaching coming up in the near future I wanted to identify a way where I could provide students ...