bots_user.sh

1. #!/bin/bash
2. # Code by: Jose Nelo
3. # April 2017
4. # To : CBA CBA
5. # Procedure to:
6. # Command in bash that will show all profiles meeting following criteria:
7. # user logged in, user changed password, user logged of within same second (all 3 actions have to be done within 1 second)
8. # those actions (log in, change, log off) happend one after another with no other entires in between
9. #
10. SourceLogFile=log.txt
11. FileOuts=bots.FileOuts
12. > $FileOuts
13. clear
14. echo " "
15. echo " "
16. echo " "
17. echo " "
18. while read line;
19. do
20.  date=`echo "$line" | cut -d' ' -f1-5`
21.  ip=`echo "$line" | cut -d'|' -f2`
22.  user=`echo "$line" | cut -d'|' -f3`
23.  event=`echo "$line" | cut -d'|' -f5`
24.         if [ "$event" = "user logged in" ];then
25.                 chk1=1;
26.  event1=`echo "$line" | cut -d'|' -f5`
27.                 date_aux1=`echo "$line" | cut -d' ' -f1-5`
28.         fi
29.         if [ "$event" = "user changed password" ];then
30.                 chk2=2;
31.                 event2=`echo "$line" | cut -d'|' -f5`
32.                 date_aux2=`echo "$line" | cut -d' ' -f1-5`
33.         fi
34.         if [ "$event" = "user logged off" ];then
35.                 chk3=3;
36.                 event3=`echo "$line" | cut -d'|' -f5`
37.                 date_aux3=`echo "$line" | cut -d' ' -f1-5`
38.         fi
39.         if [ "$chk1" = 1 ] && [ "$chk2" = 2 ] && [ "$chk3" = 3 ]; then
40.         event3=`echo "$line" | cut -d'|' -f5`
41.         date_aux3=`echo "$line" | cut -d' ' -f1-5`
42.         echo "Profile < $user > "
43.         echo "Time 1 :$date_aux1  : Event: $event1"
44.         echo "Time 2 :$date_aux2  : Event: $event2"
45.         echo "Time 3 :$date_aux3  : Event: $event3"
46.         echo " "
47.         chk1=0;chk2=0;chk3=0
48.         fi
49. done < "$SourceLogFile"