Add some text after :" using sed? - sed

Can anyone help me create a script that adds [ SURICATA ] in this log file?
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SQL Injection Attempt (Agent uil2pn)"; flow:to_server,established; content:"$

Try this:
sed -i 's/.*:"/&[ SURICATA ]/' yourfile.log
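The greedy `.*:"` in the command above matches up to the last `:"` on a line, so on a rule that has both msg:" and content:" the tag lands after content:". An added example (not part of the original answer) that anchors on msg:" and is safe to run twice; it assumes the tag belongs at the start of the msg text, and the function names and sample rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: tag the msg field of Suricata rules read on stdin.

# Constructed sample rule (the content value and sid are made up).
SAMPLE_RULE='alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN SQL Injection Attempt"; flow:to_server,established; content:"select"; sid:1000001;)'

# Greedy form from the answer above, kept for comparison: .* runs to the
# LAST :" on the line, which here is content:" rather than msg:".
tag_greedy() {
    sed 's/.*:"/&[ SURICATA ]/'
}

# Anchored form: touch only msg:" at the start of an option, and skip
# lines that already carry the tag so a second run does not stack it.
tag_msg() {
    sed -E '/msg:"\[ SURICATA \]/!s/([(;][[:space:]]*msg:")/\1[ SURICATA ] /'
}

printf '%s\n' "$SAMPLE_RULE" | tag_msg
```

To change a rules file in place, the same expression can be given to sed with -i.bak so the untouched original is kept beside it.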

Related

How format mac address inside json array

Need help getting the MAC addresses below, inside the JSON file, reformatted using sed
cat 251.json
cat /tmp/251.json
[
"08:f1:ea:6d:03:3c",
"08:f1:ea:6d:03:3d",
"08:f1:ea:6d:03:3e",
"08:f1:ea:6d:03:3f",
"b8:83:03:81:4b:20",
"b8:83:03:81:4b:21",
"b8:83:03:84:d5:1c",
"b8:83:03:84:d5:1d"
]
The expected format is
[
"08f1.ea6d.033c",
"08f1.ea6d.033d",
"08f1.ea6d.033e",
"08f1.ea6d.033f",
"b883.0381.4b20",
"b883.0381.4b21",
"b883.0384.d51c",
"b883.0384.d51d"
]
This should work:
sed -E 's/:(.{2}):(.{2}):(.{2}):(.{2}):/\1.\2\3.\4/g' /tmp/251.json
In this way, you get the output to stdout. If you want to modify the file, add the -i option. You can check the result here.

q - cannot load log4q

I would like to use log4q. I downloaded the log4q.q file to my %QHOME% directory. When I try to load the script
C:\Dev\q\w32\q.exe -p 5000
q) \l log4q.q
I get
'
[0] (<load>)
)
When I try the same in qpad after connecting to localhost server I get
'.log4.q
(attempt to use variable .log4.q without defining/assigning first (or user-defined signal))
which I find strange because I can switch to non-existing namespaces in the console without any issues.
Thanks for the help!
It looks like a typo in the first line stemming from a recent change of namespace from .l to .log4q
I think the first line should be:
\d .log4q
not
\d .log4.q

Search xml for a value using sed

I have the XML file below
<documents>
<document><title>some title1</title><abstract>Some abstract1</abstract></document>
<document><title>some title2</title><abstract>Some abstract2</abstract></document>
<document><title>some title3</title><abstract>Some abstract3</abstract></document>
<document><title>some title4</title><abstract>Some abstract4</abstract></document>
</documents>
I am trying to write a ksh script to fetch the abstract value based on title=title4
xmllint and xmlstarlet are not allowed on my machine (access issues)
I have tried with
sed -n '/abstract/{s/.*<abstract>//;s/<\/abstract.*//;p;}' connections.xml
How can I modify this to search based on a title?
Based on the example you have given:
sed -n '/title>.*title4<\/title>/{s#.*<abstract>##;s#</abstract>.*##;p}' file
Will give you:
Some abstract4
grep approach:
grep -Poz '<title>.*?title4</title><abstract>\K[^<>]+(?=</abstract>)' connections.xml && echo ""
The output:
Some abstract4

jboss-cli : How do I read one specific system property using jboss-cli?

I'm new to jboss-cli and working through the 'jboss-cli recipes'.
Question
How do I read one specific property using jboss-cli? E.g.
jboss.home.dir (e.g. "-Djboss.home.dir=/path/to/my/jboss")
Xmx ("-Xmx=4G")
Context
The "CLI Recipes" documentation has this helpful example to get all system properties. However, it's 'too much information'. I want to script reading one specific property.
https://docs.jboss.org/author/display/WFLY10/CLI+Recipes#CLIRecipes-
Overview of all system properties in JBoss AS7+ including OS system
properties and properties specified on command line using -D, -P or
--properties arguments.
Standalone
[standalone@IP_ADDRESS:9999 /] /core-service=platform-mbean/type=runtime:read-attribute(name=system-properties)
Thanks in advance
You could do a :
:resolve-expression(expression=${jboss.home.dir})
You can use the cli like this:
$JBOSS_HOME/bin/jboss-cli.sh -c --command=/system-property=MY_PROPERTY:read-resource
you get an output like this:
$JBOSS_HOME/bin/jboss-cli.sh -c --command=/system-property=MY_PROPERTY:read-resource
{
"outcome" => "success",
"result" => {"value" => "4.0"}
}
which you can extract by piping into something like this:
<cli command> | grep "{\"value\"" | sed "s/.*value\" => \"\([^\"]*\)\".*/\1/"
It's a bit ugly, and there are some nasty edge cases if the values were to be something like "value" => "value =" or something hideous.
In general this works OK.
Change the sed command to be a bit more specific to fix that.
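One way to make the sed step above more specific, as an added example (not from the original answers): require a successful outcome, match the result line end to end, and return non-zero when the shape is anything else instead of passing the raw line through. The function name and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: pull the value out of jboss-cli read-resource output on stdin.

# Constructed sample outputs, laid out like the output shown above.
SAMPLE_OK='{
    "outcome" => "success",
    "result" => {"value" => "4.0"}
}'
SAMPLE_HIDEOUS='{
    "outcome" => "success",
    "result" => {"value" => "x value" => "y"}
}'
SAMPLE_UNDEFINED='{
    "outcome" => "success",
    "result" => {"value" => undefined}
}'
SAMPLE_FAILED='{
    "outcome" => "failed",
    "failure-description" => "constructed failure text"
}'

# The whole result line must match; the value is everything between the
# quote after the key and the closing "} at the end of the line.
RESULT_RE='^[[:space:]]*"result" => {"value" => "\(.*\)"}[[:space:]]*$'

read_dmr_value() {
    out=$(cat)
    # Refuse anything that is not a successful operation.
    printf '%s\n' "$out" | grep -q '^[[:space:]]*"outcome" => "success"' || return 1
    # Exactly one well-formed result line, otherwise fail without output.
    [ "$(printf '%s\n' "$out" | grep -c "$RESULT_RE")" -eq 1 ] || return 1
    printf '%s\n' "$out" | sed -n "s/$RESULT_RE/\\1/p"
}

printf '%s\n' "$SAMPLE_OK" | read_dmr_value
```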
This link pointed me to the answer: I can use a groovy script to get the values. From what I see the "jboss-cli command line" does not offer this flexibility.
https://developer.jboss.org/wiki/AdvancedCLIScriptingWithGroovyRhinoJythonEtc
Solution
Here's a solution for jboss home.
[For memory you can get results from "/core-service=platform-mbean/type=memory/:read-attribute(name=heap-memory-usage)"]
bash
#!/bin/sh
# Note: must set jbbin to 'jboss home /bin'
groovy -cp "$jbbin/client/jboss-cli-client.jar" readJbossHome.groovy
Groovy
Note: this is 'quick and dirty'.
import org.jboss.as.cli.scriptsupport.*
cli = CLI.newInstance()
cli.connect()
// Define properties
myParentProp="system-properties"
myProp="jboss.home.dir"
// Retrieve and pluck values
result = cli.cmd("/core-service=platform-mbean/type=runtime:read-resource(recursive=true,include-runtime=false)")
myResult = result.getResponse().get("result")
myParentVal = myResult.get(myParentProp)
myVal = myParentVal.get(myProp)
// Print out results
println "Property detail ${myProp} is ${myVal}"
cli.disconnect()
You can also do it via Wildfly management rest call.
http://localhost:9990/management
POST
Headers = Content-Type:application/json
Body =
{
"operation":"resolve-expression",
"expression":"${jboss.home.dir}"
}
With newer Teiid docs I have found some useful information; I thought this might be helpful to share with people coming across a similar use case.
https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.3/html/administration_and_configuration_guide/configure_system_properties_using_the_management_cli
Helps with adding, removing and reading system properties with jboss-cli
jboss-cli
If you have a cli command like ehsavoie suggested :resolve-expression(expression=${jboss.home.dir}) and want to use the content of the "result" property within jboss-cli you can save it in a variable. You can use backticks (`) to evaluate expressions.
simple expression
[standalone@localhost:9990 /] :resolve-expression(expression=${jboss.home.dir})
{
"outcome" => "success",
"result" => "/home/user/wildfly"
}
use in variable
[standalone@localhost:9990 /] set wildflydirectory=`:resolve-expression(expression=${jboss.home.dir})`
[standalone@localhost:9990 /] echo $wildflydirectory
/home/user/wildfly
PowerShell
If you happen to use PowerShell, you can use a one-liner to extract even deeply nested results with the help of the cli's --output-json option and PowerShell's ConvertFrom-Json cmdlet. In this way the parsing problems from James Roberts's approach with grep and sed are gone.
$value=(Invoke-Expression "./jboss-cli.ps1 -c --command=':resolve-expression(expression=`${jboss.home.dir})' --output-json" | ConvertFrom-Json).result
It is a bit tricky to quote the command and escape the correct PowerShell special characters.

AWK script. Looking for an optimized example

I've borrowed and written the following code to output the disconnect time. All works well but I'm curious as to how I could tighten/shorten the code. If anyone feels like having some fun then I'd love to see what can be done. Be a learning lesson for me.
Cheers in advance.
Input:
ftp> !:--- FTP commands below here ---
ftp> lcd C:\Utilities\Performance_Testing\
\Utilities\Performance_Testing\: File not found
Verbose mode On .
ftp> verbose
binary
200 Switching to Binary mode.
ftp> put "test_file_5M.bin"
200 PORT command successful.
150 Ok to send data.
226 File receive OK.
ftp: 5242880 bytes sent in Seconds Kbytes/sec.
ftp> 44.81117.00disconnect
221 Goodbye.
ftp> bye
Code:
#Obtain UT external put value.
ut1intput=$(awk '
NR==70 {
for(i=1;i<=NF;i++) {
if($i=="ftp>") {
sub(/disconnect/, "", $(i+1));
print $(i+1)
}
}
}' filename.txt)
utintputvalue=`echo $ut1intput | awk -F. '{print $2"."$3}'| sed 's/^..//'`
Output:
UT external put value is 1220.98
Given your posted sample input and the desired output you said you want in your comment:
$ sed -n 's/^.*\(......\)disconnect/UT external put value is \1/p' file
UT external put value is 117.00