rinri
/
system-and-network-administration-course
1
0
Derivar 0
Código Questões 0 Pedidos de integração 0 Lançamentos 0 Wiki Trabalho
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1 Cometer
1 Ramo
1.6 MiB
Árvore: 89edcc5866
Ramos Etiquetas
${ item.name }
Criar ramo ${ searchTerm }
de '89edcc5866'
${ noResults }
system-and-network-administ.../week4/lab4-solution.org

lab4-solution.org 2.8 KiB
Em bruto Vista normal Histórico

initial commit
há 11 meses
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #+title: Lab4 Solution

  2. #+title: Amirlan Sharipov (BS21-CS-01)

  3. #+author: Amirlan Sharipov (BS21-CS-01)

  4. #+PROPERTY: header-args :results verbatim :exports both

  5. #+OPTIONS: ^:nil

  6. 

  7. * Question 1

  8. #+begin_src bash

  9. grep -E '(ERROR|WARNING)' server-data.log

  10. #+end_src

  11. 

  12. #+RESULTS:

  13. : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'

  14. : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'

  15. : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'

  16. 

  17. * Question 2

  18. #+begin_src bash

  19. grep -v 'INFO' server-data.log

  20. #+end_src

  21. 

  22. #+RESULTS:

  23. : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'

  24. : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'

  25. : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'

  26. 

  27. * Question 3

  28. #+begin_src bash

  29. grep -c 'ERROR' server-data.log

  30. #+end_src

  31. 

  32. #+RESULTS:

  33. : 2

  34. 

  35. * Question 4

  36. #+begin_src bash

  37. sed -E 's/([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\/([0-2]?[0-9]|3[0-2])/xxx.xxx.xxx.xxx\/xx/g' server-data.log > newlog.log

  38. cat newlog.log

  39. #+end_src

  40. 

  41. #+RESULTS:

  42. : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'

  43. : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.410.15.0/24'

  44. : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: 'xxx.xxx.xxx.xxx/xx'

  45. : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'

  46. : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: 'xxx.xxx.xxx.xxx/xx'

  47. : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: 'xxx.xxx.xxx.xxx/xx'

  48. : Log1 2022/09/18 13:25:35 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'

  49. : 2022/09/18 13:25:35 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx' END

  50. : 2022/09/18 13:25:35 wazuh-remoted: ACTION: none INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'

  51. 

  52. * Question 5

  53. #+begin_src bash

  54. grep -P "^2022\/09\/18 13:25:(34|35) wazuh-remoted: (INFO|ERROR|WARNING): Remote syslog (allowed|blocked|not parsed) from: '10\.110\.(15|18)\.0\/24'$" server-data.log

  55. #+end_src

  56. 

  57. #+RESULTS:

  58. : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.110.15.0/24'

  59. : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'

  60. : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.110.15.0/24'

  61. : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'

  62. : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'