Jackbox
Active Member
- Jan 2, 2016
Hello Linux lovers and haters,
grep is most certainly amazing whether you have a headache or get excited about 'er.
Here are some exciting ways to use grep to check for important information within logs.
Who has logged in today?
You may use w | grep "root" or who | grep "root" to find out who is currently in a root session. If you wanted to do something such as send a text message to your phone or an email every 10 minutes showing the logged-in users, you could just create a cron job. If no one is logged in, of course, then you would receive no alerts. Kind of an interesting idea for a low-volume sign-in server. Or maybe it could only go off if there is more than one root session, in the event someone shares root credentials and more root sessions are active than normal, or within a certain time frame, e.g. alert on 2 root sessions within 1 minute.
Checking the security log on CentOS for failed:
grep -i "failed" /var/log/secure
More coming soon.
With nmap installed you could find open ports locally via:
nmap -O localhost | grep "open"
Who is accessing the website admin panel?
grep "GET /admin" /var/log/httpd/access_log
grep "POST /admin" /var/log/httpd/access_log
Why does SELinux use crystal meth?
grep "SELinux" /var/log/messages
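Here is an added example (my own script, not code from the post above) that turns those one-liners into a small POSIX sh audit with thresholds: the "more than one root session" and "2 root sessions within 1 minute" rules from the cron idea, a case-insensitive failed-login count with a per-source tally, and the admin panel check with GET and POST folded into one pattern. All of the `who`, /var/log/secure and access_log input is constructed sample data embedded in the script so it runs offline; the cron path and mail address in the comment are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original post: a small POSIX sh audit
# script that turns the grep one-liners above into checks with thresholds.
# Every input below is constructed sample data so the script runs offline;
# on a real host you would pipe in `who` and /var/log/secure instead.

# Constructed `who` output: two root sessions in the same minute, one user.
SAMPLE_WHO='root     pts/0        2016-01-02 09:02 (10.0.0.5)
alice    pts/1        2016-01-02 09:01 (10.0.0.7)
root     pts/2        2016-01-02 09:02 (10.0.0.9)'

# Constructed /var/log/secure lines. sshd writes "Failed password" with a
# capital F, which is why the grep further down uses -i.
SAMPLE_SECURE='Jan  2 09:00:01 host sshd[1001]: Accepted password for alice from 10.0.0.7 port 5001 ssh2
Jan  2 09:00:05 host sshd[1002]: Failed password for root from 10.0.0.9 port 5002 ssh2
Jan  2 09:00:07 host sshd[1003]: Failed password for invalid user admin from 10.0.0.9 port 5003 ssh2
Jan  2 09:00:09 host sshd[1004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.9'

# Constructed Apache access_log lines, including a non-admin URL that
# merely starts with "/admin".
SAMPLE_ACCESS='10.0.0.7 - - [02/Jan/2016:09:05:00 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [02/Jan/2016:09:05:02 +0000] "GET /admin/ HTTP/1.1" 401 128
10.0.0.9 - - [02/Jan/2016:09:05:04 +0000] "POST /admin/login HTTP/1.1" 302 0
10.0.0.7 - - [02/Jan/2016:09:05:06 +0000] "GET /administrative-guide.html HTTP/1.1" 200 2048'

# Count root sessions in `who` output on stdin. "^root " anchors on the
# user column so a user like "rootbeer" is not counted; "|| :" keeps the
# exit status 0 when grep -c prints 0 (grep exits 1 on no match).
count_root_sessions() {
    grep -c '^root ' || :
}

# Report on `who` output from stdin: ALERT when root sessions exceed $1
# (default 1, i.e. "more than one root session").
root_session_status() {
    limit="${1:-1}"
    n=$(count_root_sessions)
    if [ "$n" -gt "$limit" ]; then
        echo "ALERT: $n root sessions (limit $limit)"
    else
        echo "OK: $n root sessions (limit $limit)"
    fi
}

# The "2 root sessions within 1 minute" idea: group root logins by the
# HH:MM column of `who` and print any minute with two or more logins.
root_burst_minutes() {
    awk '$1 == "root" { c[$4]++ } END { for (m in c) if (c[m] >= 2) print m, c[m] }'
}

# Case-insensitive count of "failed" lines from /var/log/secure on stdin.
count_failed_logins() {
    grep -ci 'failed' || :
}

# Which source addresses produced the failed passwords? Take the word after
# "from" on each "Failed password" line and tally it, busiest first.
failed_login_sources() {
    awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn
}

# Admin panel requests from access_log on stdin. One pattern covers GET and
# POST, and the trailing [/ ?] stops "/administrative-guide.html" matching.
admin_panel_hits() {
    grep -E '"(GET|POST) /admin[/ ?]' || :
}

# Demo run over the constructed samples. A cron entry such as
#   */10 * * * * /usr/local/bin/grep-audit.sh | mail -s "audit" you@example.com
# (hypothetical path and address) would deliver this every 10 minutes.
audit_report() {
    printf '%s\n' "$SAMPLE_WHO" | root_session_status 1
    printf '%s\n' "$SAMPLE_WHO" | root_burst_minutes
    echo "failed logins: $(printf '%s\n' "$SAMPLE_SECURE" | count_failed_logins)"
    printf '%s\n' "$SAMPLE_SECURE" | failed_login_sources
    printf '%s\n' "$SAMPLE_ACCESS" | admin_panel_hits
}

audit_report
```

Two details worth noticing when you adapt it: grep -c prints 0 but exits 1 when nothing matches, so a script run under set -e needs the "|| :" (or it dies on a quiet night), and a bare "/admin" pattern also matches any other path that happens to start with those letters, which is why the last function anchors on what follows.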