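The -v and -n options have been added to cclogconv

Hello, everyone.

Today brings another cclogconv announcement.

@harasou5, who doesn't use the tool but keeps giving me ideas, sent me
another one, so I have added some new features.

They are the -v option and the -n option.

-v inverts the match condition, just like grep -v.

-n is an option that suppresses adding the country code.

Usage examples:

Normal operation.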

$ grep -F "Failed password for" /var/log/secure | cclogconv --data /usr/share/GeoIP/GeoLite2-Country.mmdb

Oct 15 04:16:09 secure sshd[2133]: Failed password for admin from US 199.106.88.54 port 52696 ssh2
Oct 15 05:48:39 secure sshd[2505]: Failed password for invalid user nologin from CN 59.52.97.130 port 48748 ssh2
Oct 15 05:48:42 secure sshd[2508]: Failed password for root from CN 59.52.97.130 port 49062 ssh2
Oct 15 05:48:45 secure sshd[2511]: Failed password for invalid user oracle from CN 59.52.97.130 port 49452 ssh2
Oct 15 05:48:48 secure sshd[2514]: Failed password for invalid user nagios from CN 59.52.97.130 port 49793 ssh2
Oct 15 07:58:40 secure sshd[2925]: Failed password for admin from SR 200.1.214.58 port 38206 ssh2
Oct 15 09:00:10 secure sshd[2969]: Failed password for admin from PE 190.81.112.20 port 44984 ssh2
Oct 15 09:00:15 secure sshd[2972]: Failed password for root from PE 190.81.112.20 port 45100 ssh2
Oct 15 09:00:19 secure sshd[2975]: Failed password for admin from PE 190.81.112.20 port 45248 ssh2
Oct 15 09:56:27 secure sshd[3071]: Failed password for admin from US 158.69.195.223 port 64495 ssh2
Oct 15 09:56:33 secure sshd[3074]: Failed password for admin from US 158.69.195.223 port 65218 ssh2
Oct 15 09:56:40 secure sshd[3077]: Failed password for admin from US 158.69.195.223 port 50492 ssh2
Oct 15 09:56:55 secure sshd[3083]: Failed password for invalid user support from US 158.69.195.223 port 51393 ssh2
Oct 15 09:57:01 secure sshd[3086]: Failed password for ftp from US 158.69.195.223 port 54395 ssh2
Oct 15 09:57:09 secure sshd[3089]: Failed password for invalid user user from US 158.69.195.223 port 55821 ssh2
Oct 15 09:57:15 secure sshd[3092]: Failed password for invalid user nagios from US 158.69.195.223 port 57833 ssh2

The -n option

$ grep -F "Failed password for" /var/log/secure | cclogconv --data /usr/share/GeoIP/GeoLite2-Country.mmdb -n --CC=US

Oct 15 04:16:09 secure sshd[2133]: Failed password for admin from 199.106.88.54 port 52696 ssh2
Oct 15 09:56:27 secure sshd[3071]: Failed password for admin from 158.69.195.223 port 64495 ssh2
Oct 15 09:56:33 secure sshd[3074]: Failed password for admin from 158.69.195.223 port 65218 ssh2
Oct 15 09:56:40 secure sshd[3077]: Failed password for admin from 158.69.195.223 port 50492 ssh2
Oct 15 09:56:55 secure sshd[3083]: Failed password for invalid user support from 158.69.195.223 port 51393 ssh2
Oct 15 09:57:01 secure sshd[3086]: Failed password for ftp from 158.69.195.223 port 54395 ssh2
Oct 15 09:57:09 secure sshd[3089]: Failed password for invalid user user from 158.69.195.223 port 55821 ssh2
Oct 15 09:57:15 secure sshd[3092]: Failed password for invalid user nagios from 158.69.195.223 port 57833 ssh2

The -v option

$ grep -F "Failed password for" /var/log/secure | cclogconv --data /usr/share/GeoIP/GeoLite2-Country.mmdb -v --CC=US

Oct 15 05:48:39 secure sshd[2505]: Failed password for invalid user nologin from CN 59.52.97.130 port 48748 ssh2
Oct 15 05:48:42 secure sshd[2508]: Failed password for root from CN 59.52.97.130 port 49062 ssh2
Oct 15 05:48:45 secure sshd[2511]: Failed password for invalid user oracle from CN 59.52.97.130 port 49452 ssh2
Oct 15 05:48:48 secure sshd[2514]: Failed password for invalid user nagios from CN 59.52.97.130 port 49793 ssh2
Oct 15 07:58:40 secure sshd[2925]: Failed password for admin from SR 200.1.214.58 port 38206 ssh2
Oct 15 09:00:10 secure sshd[2969]: Failed password for admin from PE 190.81.112.20 port 44984 ssh2
Oct 15 09:00:15 secure sshd[2972]: Failed password for root from PE 190.81.112.20 port 45100 ssh2
Oct 15 09:00:19 secure sshd[2975]: Failed password for admin from PE 190.81.112.20 port 45248 ssh2

That is how it looks.

Please give it a try.
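
As an added example (not part of the original post and not cclogconv's own code), this shell function tallies output in the format shown above per country code and source IP, accepting both the default annotated form and the -n form. The names summarize_failed and sample_log are hypothetical; the sample lines are copied from the output above, with the last one in -n form.

```sh
#!/bin/sh
# Added example: count failed sshd logins per country code and source IP
# from cclogconv output. Prints "count country ip", busiest source first.
# Lines without a country code (-n output) are reported with country "--".
summarize_failed() {
  awk '
    /Failed password for/ {
      # Use the last "from" token: a user name could itself be "from".
      pos = 0
      for (i = 1; i <= NF; i++) if ($i == "from") pos = i
      if (pos == 0 || pos + 1 > NF) next
      cc = "--"; ip = $(pos + 1)
      # Two uppercase letters followed by another field: a country code was added.
      if (ip ~ /^[A-Z][A-Z]$/ && pos + 2 <= NF) { cc = ip; ip = $(pos + 2) }
      count[cc " " ip]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Sample input: lines copied from the output above (last line is -n form).
sample_log() {
  cat <<'EOF'
Oct 15 04:16:09 secure sshd[2133]: Failed password for admin from US 199.106.88.54 port 52696 ssh2
Oct 15 05:48:39 secure sshd[2505]: Failed password for invalid user nologin from CN 59.52.97.130 port 48748 ssh2
Oct 15 05:48:42 secure sshd[2508]: Failed password for root from CN 59.52.97.130 port 49062 ssh2
Oct 15 09:00:10 secure sshd[2969]: Failed password for admin from PE 190.81.112.20 port 44984 ssh2
Oct 15 09:00:15 secure sshd[2972]: Failed password for root from PE 190.81.112.20 port 45100 ssh2
Oct 15 09:00:19 secure sshd[2975]: Failed password for admin from PE 190.81.112.20 port 45248 ssh2
Oct 15 09:56:27 secure sshd[3071]: Failed password for admin from 158.69.195.223 port 64495 ssh2
EOF
}

sample_log | summarize_failed
```

In practice the function goes at the end of the pipeline, after cclogconv, in place of sample_log.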
