Do you run Windows? Do you have huge log files of the activity at your firewall and on your network and find it hard to track the activity in there?
I finally found a neat little tool that can create a new file from your logs that will extract every line that a given search string is present in. I found lots that identify the line or extract or replace the string but this is the only one I have found that pulls the entire line from the log.
With a whole bunch of other functions available I really like the ability to have it find every instance of an IP address and pull the lines into another file so I can see all the activity of that IP address chronologically and in one single place.
Try it.... It's fast.... 22Mb file stripped of 100 lines carrying a given IP in about 8 seconds on a 1GB/128Mb machine......
Nice tool, it helps a lot. I'm working on a similar tool that does the same thing.
Coded in Python (if I get it to work); will put the full source on this site when finished.
Guess I will study this tool to see how it works or maybe it will give me some good ideas.
January 21st, 2003, 07:23 PM
Ok..... you want a really nice feature that wouldn't be too hard to code?
I also would like to be able to strip out the previous X lines and the subsequent Y lines around each instance of my search string if I so desire.
For example I should be able to say find string "22.214.171.124" and also pull the previous 10 lines and the next 20 lines after each line containing this string.
That would be handy if someone were using multiple machines to probe me or whatever. I would be able to see the pattern more easily this way if there was any inconsistency.
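The feature requested above (pull every line carrying a given IP into a new file, plus X lines before and Y lines after each hit), as an added Python example; this is not the tool from the thread nor the second poster's code, and the sample log lines are constructed, with only the IP taken from the post.

```python
from collections import deque

# Constructed sample firewall log (not from the thread); the probing IP is the
# one quoted in the post, the other hosts are filler.
SAMPLE_LOG = [
    "07:01:00 ACCEPT 10.0.0.5 -> 10.0.0.1:80",
    "07:01:02 DROP 22.214.171.124 -> 10.0.0.1:135",
    "07:01:03 ACCEPT 10.0.0.7 -> 10.0.0.1:25",
    "07:01:04 DROP 22.214.171.124 -> 10.0.0.1:139",
    "07:01:09 ACCEPT 10.0.0.5 -> 10.0.0.1:443",
    "07:01:15 ACCEPT 10.0.0.9 -> 10.0.0.1:22",
    "07:01:16 ACCEPT 10.0.0.7 -> 10.0.0.1:25",
    "07:01:18 ACCEPT 10.0.0.5 -> 10.0.0.1:80",
    "07:01:20 DROP 22.214.171.124 -> 10.0.0.1:445",
    "07:01:21 ACCEPT 10.0.0.9 -> 10.0.0.1:22",
    "07:01:25 ACCEPT 10.0.0.5 -> 10.0.0.1:443",
]


def extract_with_context(lines, needle, before=0, after=0):
    """Single pass: yield (lineno, text) for every line containing `needle`,
    plus up to `before` preceding and `after` following lines. Overlapping
    windows are merged, so no line is emitted twice and log order is kept."""
    if before < 0 or after < 0:
        raise ValueError("context counts must be non-negative")
    pending = deque(maxlen=before)  # recent lines not yet emitted
    owed = 0                        # after-context still due from last hit
    for lineno, text in enumerate(lines, 1):
        if needle in text:
            while pending:          # flush the before-context first
                yield pending.popleft()
            yield lineno, text
            owed = after
        elif owed:
            yield lineno, text      # trailing context; never re-buffered
            owed -= 1
        else:
            pending.append((lineno, text))  # maxlen drops the oldest


def extract_to_file(src_path, dst_path, needle, before=0, after=0):
    """Stream a large log from disk into a new file of hits plus context."""
    written = 0
    with open(src_path, encoding="utf-8", errors="replace") as src, \
            open(dst_path, "w", encoding="utf-8") as dst:
        for _, text in extract_with_context(src, needle, before, after):
            dst.write(text if text.endswith("\n") else text + "\n")
            written += 1
    return written
```

Because the line generator is a single pass with a bounded buffer, the file wrapper handles logs far larger than memory.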