Add log to cron job

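To write the output of a cron job to a log file:

Add the below to the end of the cron entry. It appends standard output to /tmp/cron.out.log and standard error to /tmp/output.log. A leading > /dev/null 2>&1 is redundant here, because the later redirections override it.

>> /tmp/cron.out.log 2>> /tmp/output.log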

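Enable audit logging on Linux

To enable audit logging on Linux to record commands.

Add the below to /etc/pam.d/system-auth. The pam_tty_audit module writes TTY input to the audit log for the users matched by enable= (here, all users).

session required pam_tty_audit.so enable=*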

Once done run the below command to view the output

ausearch -ts today -m tty -i

To filter the output further add the below.

ausearch -ts today -m tty -i |grep id=user | cut -d '=' -f3,5,6,10

Install goaccess

Goaccess is a handy Apache log analyzer.

To install do the below.

yum install ncurses-devel glib2-devel GeoIP*
cd /usr/src
tar zxvf goaccess-0.4.tar.gz
cd goaccess-0.4
make; make install

Once installed then run

goaccess -f "/var/log/youraccess.log"

Command to look at a log from a specific date (sed prints from the first line matching the date to the end of the file)

sed -n '/05\/Dec\/2010/,$ p' access.log | goaccess -s -b


Cut Squid log data

Use the below to cut some data out of the squid log that we don't need. It cuts at the delimiter given in the quotes and keeps only the listed fields.

From:

squidlog.log.18: 851 - - [28/Sep/2011:19:01:37 +0100] "GET http://someurl HTTP/1.1" 200 36921 "-" "-" "-" TCP_MISS:SERVER

To:

866 - - [28/Sep/2011:19:13:57 +0100] "GET someurl HTTP/1.1" 200 38214 "-" "-" "-" TCP_MISS

cut -d ':' -f2,3,4,5,6 squidlog.txt

Grep for IP addresses

Another fun day at work. Today’s fun was attempting to extract some IP addresses from a wonderful log file filled with tildes!

Life made a little easier using the below grep to get out the IP format ( etc. Pretty useful to know.


Log with Tildes (ahhhhhhhh)



egrep "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" -o
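
The pattern above also matches strings that are not addresses, such as 999.12.0.1 or the first part of a version number like 1.2.3.4567. The following is an added example, not part of the original post, that extracts only valid IPv4 addresses and counts hits per address. The tilde-delimited log lines, the function names and the addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull IPv4 addresses out of a tilde-delimited log, drop
# look-alikes that are not valid addresses, and count hits per address.

# Constructed sample input (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
2011-09-28 19:01:37~192.0.2.10~GET~/index.html~200
2011-09-28 19:01:38~198.51.100.7~GET~/login~302
2011-09-28 19:01:39~192.0.2.10~POST~/login~200
2011-09-28 19:01:40~build 1.2.3.4567 deployed~-~-~-
2011-09-28 19:01:41~999.12.0.1~GET~/~400
2011-09-28 19:01:42~203.0.113.255~GET~/robots.txt~404
EOF
}

# Reads log text on stdin, prints one valid IPv4 address per line.
extract_ips() {
    # Every byte that cannot be part of a dotted quad becomes a line break,
    # so each candidate is a whole token rather than a slice of a longer one.
    tr -c '0-9.\n' '\n' |
    # Trim stray dots, e.g. an address that ends a sentence.
    sed 's/^\.*//; s/\.*$//' |
    # Keep tokens that are exactly four dot-separated groups of 1-3 digits.
    grep -Ex '[0-9]{1,3}(\.[0-9]{1,3}){3}' |
    # Reject octets above 255, which the regex alone lets through.
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255'
}

# Reads log text on stdin, prints "count address", busiest address first.
count_ips() {
    extract_ips | sort | uniq -c | awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

sample_log | count_ips
```

To run it against a real file, feed the file on stdin: count_ips < yourlog.log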