日志示例如下所示:
01/13-21:25:26.314976 [**] [1:5000003:1] DoS Attack Detected [**] [Priority: 0] {TCP} 53.183.226.103:13968 -> 192.168.2.1:80
01/13-21:30:56.771459 [**] [1:500000005:1] SSH Bruteforce Attack Detected [**] [Priority: 0] {TCP} 192.168.2.142:59878 -> 192.168.2.1:22
我想问如何只提取检测到DoS攻击和检测到SSH暴力攻击的消息?
答案1
如果您有兴趣攻击,这是 awk 的一种方法。
awk '/Attack Detected/' logfile