Hi everyone, my firewall logs everything to a syslog server - new connections, terminated connections, etc.

Basically what I'm trying to do is analyse the syslog in realtime looking for a specific string which indicates a new connection has been established, and to count the number of occurrences of that string to get an idea of how many connections per minute I'm getting for a particular internet service so that I can graph it.

An example of the significant line in syslog I'm looking for is:

Feb 14 11:42:52 10.1.1.1 : Feb 14 11:19:47 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523357 for Outside:124.178.41.91/123 ( 124.178.41.91/123) to svrdmz:NTP/123 (NTP/123)

I can use the following to watch the log for the specific event:

tail -f /var/log/syslog | grep "to svrdmz:NTP/123 (NTP/123)"

But I can't figure out a way to programmatically count how many of these events occur per minute. Any suggestions?

--
Kind Regards,
Christopher Barnes
e. chris.p.bar...@gmail.com

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
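
Added example (not part of the original post): one way to produce the per-minute counts asked about above, as a shell function around awk. The function names, the sample lines and their 192.0.2.x addresses are constructed for illustration; the match string is the one from the post's grep command.

```shell
#!/bin/sh
# Per-minute count of syslog lines containing a literal string.

PATTERN='to svrdmz:NTP/123 (NTP/123)'   # string from the post's grep

count_per_minute() {
    # $1 = literal string to look for; syslog lines arrive on stdin.
    awk -v pat="$1" '
    {
        # Lines start with "Mon DD HH:MM:SS"; the first 12 characters
        # name the minute (syslog server receipt time, not the firewall
        # clock that appears later in the line).
        minute = substr($0, 1, 12)
        if (minute != current) {
            # Minute rolled over: emit the finished bucket immediately.
            if (current != "") { print current, count; fflush() }
            current = minute
            count = 0
        }
        # index() is a plain substring test, so "(" and "." in the
        # pattern are matched literally.
        if (index($0, pat) > 0) count++
    }
    END { if (current != "") print current, count }
    '
}

sample_log() {
    # Constructed sample lines in the format shown in the post.
    cat <<'EOF'
Feb 14 11:42:52 10.1.1.1 : Feb 14 11:19:47 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523357 for Outside:192.0.2.10/123 (192.0.2.10/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:42:58 10.1.1.1 : Feb 14 11:19:53 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523358 for Outside:192.0.2.11/123 (192.0.2.11/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:42:59 10.1.1.1 : Feb 14 11:19:54 EDT: %PIX-session-6-302016: Teardown UDP connection 3523357 for Outside:192.0.2.10/123 to svrdmz:NTP/123 duration 0:02:01 bytes 96
Feb 14 11:43:05 10.1.1.1 : Feb 14 11:20:00 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523359 for Outside:192.0.2.12/123 (192.0.2.12/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:44:10 10.1.1.1 : Feb 14 11:21:05 EDT: %PIX-session-6-302013: Built inbound TCP connection 3523360 for Outside:192.0.2.13/40112 (192.0.2.13/40112) to svrdmz:WEB/80 (WEB/80)
Feb 14 11:45:01 10.1.1.1 : Feb 14 11:21:56 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523361 for Outside:192.0.2.14/123 (192.0.2.14/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:45:30 10.1.1.1 : Feb 14 11:22:25 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523362 for Outside:192.0.2.15/123 (192.0.2.15/123) to svrdmz:NTP/123 (NTP/123)
Feb 14 11:45:59 10.1.1.1 : Feb 14 11:22:54 EDT: %PIX-session-6-302015: Built inbound UDP connection 3523363 for Outside:192.0.2.16/123 (192.0.2.16/123) to svrdmz:NTP/123 (NTP/123)
EOF
}

# Offline run on the sample; for live use:
#   tail -f /var/log/syslog | count_per_minute "$PATTERN"
sample_log | count_per_minute "$PATTERN"
```

Minutes in which the syslog server receives no lines at all produce no output row, so a grapher should treat missing minutes as zero. When fed from tail -f, a minute's total is printed once the first line of the next minute arrives.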