Home/ Questions/Q 6214975
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T06:58:18+00:00

I’m writing a shell script to parse through log file and pull out all

  • 0

I’m writing a shell script to parse through log file and pull out all instances where sudo succeeded and/or failed. I’m realizing now that this probably would’ve been easier with shell’s equivalent of regex, but I didn’t want to take the time to dig around (and now I’m paying the price). Anyway:

sudobool=0
sudoCount=0

for i in `cat /var/log/auth.log`;
do
    for word in $i;
    do
        if $word == "sudo:"
        then
            echo "sudo found"
            sudobool=1;
            sudoCount=`expr $sudoCount + 1`;
        fi
    done

    sudobool=0;

done


echo "There were " $sudoCount " attempts to use sudo, " $sudoFailCount " of which failed."

So, my understanding of the code I’ve written: read auth.log and split it up line by line, which are stored in i. Each word in i is checked to see if it is sudo:, if it is, we flip the bool and increment. Once we’ve finished parsing the line, reset the bool and move to the next line.

However, judging by my output, the shell is trying to execute the individual words of the log file, typically returning ‘$word : not found’.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your error message arises from a lack of syntax in your if statement: you need to put the condition in [[brackets]]

    Using the pattern matching in bash:

    #!/bin/bash
sudoCount=0
while read line; do
    sudoBool=0
    if [[ "$line" = *sudo:* ]]; then
        sudoBool=1
        (( sudoCount++ ))
        # do something with sudobool ?
    fi
done < /var/log/auth.log
echo "There were $sudoCount attempts to use sudo."

    I’m not initimately familiar with the auth.log — what is the pattern to determine success or failure?

    • 0