On Tue, 2003-10-21 at 15:29, Tom Marshall wrote:
>
> Don't know if you care or not, but you could do this much more efficiently
> with perl.

I *totally* agree. I teach the SANS perimeter track (T2) and teach this
method of log review. While I can teach people how to use grep in about
10 minutes, perl takes a wee bit longer. Using the same method I teach
in class gives me a better chance to debug/improve/etc.

> If you don't want to do that, you can at least avoid the
> tempfiles by using the surrounding spaces in your patterns, eg.
>
> grep " FINSCAN " logfile > finscan.txt

I like using temp files as it aids in debugging. Also, I kind of have
to use the temp files as I '-v' out everything I have a pattern for and
want to be able to see whatever is left (i.e. all the traffic I don't
create a match pattern for).

Thanks!

C
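The review method the reply describes, written out as an added shell example (this is not code from either poster): each known pattern is grep'd into its own file, then grep -v'd out of a working copy, and whatever survives every pass is the traffic no pattern accounts for. The log lines, the function names triage_log and count_lines, and the output file layout are all constructed for this illustration; the space-padded patterns follow Tom's suggestion so that a short pattern does not also swallow a longer one that contains it.

```shell
#!/bin/sh
# Added example, not from the original thread: "subtract what you recognise,
# look at what is left" log review. Each pattern's matches are kept in their
# own file (handy when debugging a pattern) and removed from the working copy;
# the final leftover file is the traffic nobody wrote a pattern for.

# Constructed sample firewall log lines (not real data).
SAMPLE_LOG='Oct 21 15:29:01 fw kernel: FINSCAN SRC=10.0.0.5 DST=10.0.0.1
Oct 21 15:29:02 fw kernel: ACCEPT SRC=10.0.0.7 DST=10.0.0.1 DPT=80
Oct 21 15:29:03 fw kernel: FINSCAN SRC=10.0.0.5 DST=10.0.0.2
Oct 21 15:29:04 fw kernel: DROP SRC=192.0.2.9 DST=10.0.0.1 DPT=23
Oct 21 15:29:05 fw kernel: ACCEPT SRC=10.0.0.7 DST=10.0.0.1 DPT=443
Oct 21 15:29:06 fw kernel: NULLSCAN SRC=198.51.100.4 DST=10.0.0.3'

# triage_log LOGFILE OUTDIR PATTERN...
# Writes OUTDIR/<pattern>.txt for each pattern and OUTDIR/leftover.txt for
# every line that matched none of them. Patterns are wrapped in spaces so
# that, say, "SCAN" cannot match inside "FINSCAN".
triage_log() {
    logfile=$1; outdir=$2; shift 2
    mkdir -p "$outdir"
    cp "$logfile" "$outdir/leftover.txt"
    for pat in "$@"; do
        # keep this pattern's matches (the temp file the post wants for debugging)
        grep " $pat " "$outdir/leftover.txt" > "$outdir/$pat.txt" || true
        # drop them from the working copy; grep -v exits 1 if nothing remains
        grep -v " $pat " "$outdir/leftover.txt" > "$outdir/leftover.tmp" || true
        mv "$outdir/leftover.tmp" "$outdir/leftover.txt"
    done
}

# count_lines FILE -> number of lines in FILE (0 for an empty file)
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# Run it on the constructed sample: two patterns, four lines explained,
# two lines (DROP, NULLSCAN) left for a human to look at.
WORK=$(mktemp -d)
printf '%s\n' "$SAMPLE_LOG" > "$WORK/logfile"
triage_log "$WORK/logfile" "$WORK/out" FINSCAN ACCEPT
echo "unexplained lines:"
cat "$WORK/out/leftover.txt"
```

Because every pass reads the previous leftover file rather than the original log, the per-pattern files are disjoint and the order of patterns only matters when two of them could match the same line; the leftover file is the same whichever order you use.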