GREP

Networking/Security Forums -> UNIX // GNU/Linux

Author: max_blakk | Location: South Wales UK | Posted: Tue Oct 29, 2002 3:27 pm | Post subject: GREP
    ----
Anybody know of some good tutorials (with examples rather than just explanations) for GREP(ing)? I can see it is a powerful tool but the idiot here is still struggling...

General regular expression..?? What, like "I'm off to the pub"..??

Author: ShaolinTiger | Location: Kuala Lumpur, Malaysia | Posted: Tue Oct 29, 2002 3:41 pm
    ----
GREP is much like the Windows 'find documents containing' option.

What are you trying to do with it?

I usually use it by piping the output of other commands to it to find stuff in ps and lsof etc.

e.g.

ps aux | grep smb

debmac:~# ps aux | grep smb
root 230 0.0 0.2 3632 1384 ? S Oct14 0:00 smbd -D
root 8787 0.0 0.0 1332 424 pts/0 S 13:32 0:00 grep smb
debmac:~#

or if you want to find something in the logs

cat /var/log/messages | grep restart

debmac:~# cat /var/log/messages | grep restart
Oct 27 06:47:04 debmac syslogd 1.4.1#10: restart.
Oct 28 06:25:06 debmac syslogd 1.4.1#10: restart.
Oct 29 06:25:07 debmac syslogd 1.4.1#10: restart.

It's awk that I find complicated..heh

Regular expressions eh..all good fun

Anyway here are some decent tutorials on grep:

http://pegasus.rutgers.edu/~elflord/unix/grep.html

http://www.geocities.com/tipsforlinux/articles/25.html
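As an added example of the log and process-table grepping described above (my own code, not from the thread), using constructed syslog-style lines in place of /var/log/messages and a constructed stand-in for `ps aux`, so it runs offline:

```shell
#!/bin/sh
# Constructed sample log (not from the thread) so the functions run offline.
SAMPLE_LOG='Oct 27 06:47:04 debmac syslogd 1.4.1#10: restart.
Oct 27 09:12:00 debmac sshd[412]: Accepted password for root from 10.0.0.5 port 51022 ssh2
Oct 28 06:25:06 debmac syslogd 1.4.1#10: restart.
Oct 28 22:03:11 debmac smbd[230]: connection from 10.0.0.7 rejected
Oct 28 22:04:30 debmac sshd[455]: Failed password for invalid user admin from 10.0.0.7 port 40122 ssh2
Oct 29 06:25:07 debmac syslogd 1.4.1#10: restart.'

# count_restarts: number of syslogd restart lines in the log text on stdin.
# The anchored pattern avoids counting an unrelated line that merely
# contains the word "restart" somewhere in it.
count_restarts() {
    grep -c 'syslogd .*: restart\.$'
}

# failed_ssh_sources: source IPs behind "Failed password" lines, selected
# with an ERE anchored on the sshd tag, then the "from <ip>" field extracted.
failed_ssh_sources() {
    grep -E 'sshd\[[0-9]+\]: Failed password .* from [0-9.]+ port' |
        sed 's/.* from \([0-9.]*\) port.*/\1/' | sort -u
}

# fake_ps: constructed stand-in for `ps aux` at the moment `grep PATTERN`
# runs.  As in the output quoted above, the grep process itself is in the table.
fake_ps() {
    printf '%s\n' \
        'root       230  0.0  0.2  3632 1384 ?     S    Oct14   0:00 smbd -D' \
        "root      8787  0.0  0.0  1332  424 pts/0 S    13:32   0:00 grep $1"
}

# count_proc_matches: how many lines `ps aux | grep PATTERN` prints.  With
# "smb" the grep line itself matches (2 lines).  With "[s]mb" the pattern
# still matches smbd, but grep's own command line reads "grep [s]mb", which
# contains no literal "smb", so only the daemon is reported (1 line).
count_proc_matches() {
    fake_ps "$1" | grep -c "$1"
}

printf '%s\n' "$SAMPLE_LOG" | count_restarts      # 3
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_sources  # 10.0.0.7
count_proc_matches 'smb'                          # 2
count_proc_matches '[s]mb'                        # 1
```

On a live box, pipe `ps aux` or the real log file into these functions instead of the constructed samples.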

Author: max_blakk | Location: South Wales UK | Posted: Tue Oct 29, 2002 3:54 pm
    ----
Thx ST, this must be the fastest response time board ever..!!

The second recommended website was more what I am looking for..!!

I just want to get more specific as you demonstrated, with log files (Snort/apache etc) and filesystem searches..!!


Again Thx

Author: ShaolinTiger | Location: Kuala Lumpur, Malaysia | Posted: Tue Oct 29, 2002 4:15 pm
    ----
For Snort and Apache I'd be more inclined to use something like Logwatch..

There are some nice log tools for Snort specifically out there as well, such as:

ACID is probably the most popular one: http://www.snort.org/dl/contrib/data_analysis/acid/

http://people.ee.ethz.ch/~dws/software/snort-rep/

http://www.packx.net/packx/html/en/download.php#ids

http://grsecurity.net/download.php

http://www.xato.net/Downloads/snort.panel.zip

Using Snort with MySQL is nice too, can create some reports and things then

http://www.incident.org/snortdb/
