To run the following examples you need the unix command-line tools (awk, grep, sort, uniq, ...).
TASK1. Filter the Dual ISP feature's syslog messages out of pix_log.txt, a log file covering one day.
Solution:
Log file name: pix_log.txt
1. Collect the Dual ISP feature's syslog message IDs from Cisco UniverCD:
- 622001
- 327001 – 327003
- 422004 – 422006
2. Use grep to filter to those messages only:
grep "622001\|327001\|327002\|327003\|422004\|422005\|422006" pix_log.txt
TASK2. Which source host generates the highest amount of traffic?
Solution:
Log file name: SyslogCatchAll.txt
1. Log id: ASA-6-302014 -> this message contains the byte count and the source and destination IP addresses.
2. Create a file named `prg` in the same directory as the log file (use vi or any text editor) with the following content:
# Fields of the 302014 message: $11 - source IP, $13 - destination IP, $15 - time, $17 - bytes
# Input to this program is the sorted "IP bytes" pairs produced by the pipeline in step 3.
# The rules after the first are assumed: they add up the bytes per host and print "total bytes host" each time the host changes.
NR == 1 {m=$1; p=0}
$1 == m {p += $2; next}
{print p, "bytes", m; m=$1; p=$2}
END {print p, "bytes", m}
3. Use the following unix commands:
grep 302014 SyslogCatchAll.txt | awk '{print $11, $17}' | sort | awk -f prg | sort -n | awk '{print $3, $2, $1}'
The output is sorted ascending by byte count, so the last line is the source host that generated the most traffic.
TASK3. Which destination host generates the highest amount of traffic?
Solution:
Log file name: SyslogCatchAll.txt
1. Log id: ASA-6-302014 -> this message contains the byte count and the source and destination IP addresses.
2. Create a file named `prg` in the same directory as the log file (use vi or any text editor) with the following content (the same program as in TASK2):
# Fields of the 302014 message: $11 - source IP, $13 - destination IP, $15 - time, $17 - bytes
# Input to this program is the sorted "IP bytes" pairs produced by the pipeline in step 3.
# The rules after the first are assumed: they add up the bytes per host and print "total bytes host" each time the host changes.
NR == 1 {m=$1; p=0}
$1 == m {p += $2; next}
{print p, "bytes", m; m=$1; p=$2}
END {print p, "bytes", m}
3. Use the following unix commands:
grep 302014 SyslogCatchAll.txt | awk '{print $13, $17}' | sort | awk -f prg | sort -n | awk '{print $3, $2, $1}'
The output is sorted ascending by byte count, so the last line is the destination host that received the most traffic.
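The following script is an added example, not code from the original post. It runs all three tasks (TASK1 message filtering, TASK2 and TASK3 byte totals per host) on a constructed log embedded in the script; the log lines are made up, not real traffic. It also generalizes the post's sort + prg approach into a single awk pass with an associative array, so the input does not have to be pre-sorted. It assumes the firewall lines have the raw ASA syslog layout, in which the source socket is field 11, the destination socket is field 13 and the byte count is field 17, matching the field numbers used in the post; the interface name and port are stripped from the socket field before summing.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed ASA syslog lines; not real traffic.
# Field positions assumed: 11 = source socket, 13 = destination socket, 17 = bytes.
SAMPLE_LOG=$(cat <<'EOF'
Nov 24 12:00:01 fw01 %ASA-6-302014: Teardown TCP connection 42 for outside:198.51.100.7/443 to inside:192.0.2.10/51000 duration 0:00:05 bytes 1500 TCP FINs
Nov 24 12:00:02 fw01 %ASA-6-302014: Teardown TCP connection 43 for outside:198.51.100.7/443 to inside:192.0.2.11/51001 duration 0:00:03 bytes 2500 TCP FINs
Nov 24 12:00:03 fw01 %ASA-6-302014: Teardown TCP connection 44 for outside:203.0.113.9/80 to inside:192.0.2.10/51002 duration 0:00:01 bytes 300 TCP FINs
Nov 24 12:00:04 fw01 %ASA-6-302013: Built outbound TCP connection 45 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:192.0.2.10/51003 (198.51.100.1/51003)
Nov 24 12:00:05 fw01 %ASA-6-622001: constructed Dual ISP tracked-route message
EOF
)

# TASK1: keep only the Dual ISP message IDs (622001, 327001-327003, 422004-422006).
# Prints the number of matching lines.
count_dual_isp() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Ec '(622001|32700[1-3]|42200[4-6])'
}

# TASK2/TASK3: total bytes per host taken from field N (11 = source, 13 = destination)
# of the 302014 teardown lines; prints "bytes host", largest total first.
top_talkers() {
    printf '%s\n' "$SAMPLE_LOG" | grep '302014' | awk -v f="$1" '
        {
            host = $f
            sub(/^[^:]*:/, "", host)   # drop the interface name, e.g. "outside:"
            sub("/.*$", "", host)      # drop the port, e.g. "/443"
            bytes[host] += $17         # accumulate per host, no pre-sorting needed
        }
        END { for (h in bytes) print bytes[h], h }
    ' | sort -rn
}

# The single host with the most traffic in each direction, as "bytes host".
top_source()      { top_talkers 11 | head -n 1; }
top_destination() { top_talkers 13 | head -n 1; }

echo "Dual ISP lines:  $(count_dual_isp)"
echo "Top source:      $(top_source)"
echo "Top destination: $(top_destination)"
```

To use it on a real file, replace the `printf '%s\n' "$SAMPLE_LOG"` producers with `cat SyslogCatchAll.txt`; if the syslog server adds or removes prefix fields, adjust the 11/13/17 field numbers accordingly.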
**********************************************************************
Get Linux-like environment for Windows from http://www.cygwin.com/
Posted on November 24, 2010