|
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- #+title: Lab4 Solution
- #+title: Amirlan Sharipov (BS21-CS-01)
- #+author: Amirlan Sharipov (BS21-CS-01)
- #+PROPERTY: header-args :results verbatim :exports both
- #+OPTIONS: ^:nil
-
- * Question 1
- #+begin_src bash
- grep -E '(ERROR|WARNING)' server-data.log
- #+end_src
-
- #+RESULTS:
- : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
-
- * Question 2
- #+begin_src bash
- grep -v 'INFO' server-data.log
- #+end_src
-
- #+RESULTS:
- : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
-
- * Question 3
- #+begin_src bash
- grep -c 'ERROR' server-data.log
- #+end_src
-
- #+RESULTS:
- : 2
-
- * Question 4
- #+begin_src bash
- sed -E 's/([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.([01]?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\/([0-2]?[0-9]|3[0-2])/xxx.xxx.xxx.xxx\/xx/g' server-data.log > newlog.log
- cat newlog.log
- #+end_src
-
- #+RESULTS:
- : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'
- : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.410.15.0/24'
- : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: 'xxx.xxx.xxx.xxx/xx'
- : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'
- : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: 'xxx.xxx.xxx.xxx/xx'
- : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: 'xxx.xxx.xxx.xxx/xx'
- : Log1 2022/09/18 13:25:35 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'
- : 2022/09/18 13:25:35 wazuh-remoted: INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx' END
- : 2022/09/18 13:25:35 wazuh-remoted: ACTION: none INFO: Remote syslog allowed from: 'xxx.xxx.xxx.xxx/xx'
-
- * Question 5
- #+begin_src bash
- grep -P "^2022\/09\/18 13:25:(34|35) wazuh-remoted: (INFO|ERROR|WARNING): Remote syslog (allowed|blocked|not parsed) from: '10\.110\.(15|18)\.0\/24'$" server-data.log
- #+end_src
-
- #+RESULTS:
- : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.110.15.0/24'
- : 2022/09/18 13:25:34 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
- : 2022/09/18 13:25:34 wazuh-remoted: INFO: Remote syslog allowed from: '10.110.15.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: WARNING: Remote syslog not parsed from: '10.110.18.0/24'
- : 2022/09/18 13:25:35 wazuh-remoted: ERROR: Remote syslog blocked from: '10.110.18.0/24'
|