Question: unix the data file is comprised of a header followed...
The data file consists of a header, followed by lines containing firewall events. You can
view the head of the file with the following command:
cat firewall.log | head
OUTPUT OF COMMAND:
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2018-05-25 11:47:02 FORWARD TCP 18.104.22.168 10.202.41.103 2176 7
2018-02-22 03:34:00 FORWARD UDP 22.214.171.124 10.202.40.101 2075 65 116445
2018-03-20 04:47:11 REJECT UDP 126.96.36.199 10.202.41.101 2189 97 985631
2018-11-08 14:14:47 REJECT TCP 10.101.8.64 10.202.40.103 2158 63 164259
2018-07-24 22:46:54 REJECT TCP 188.8.131.52 10.202.41.103 2089 61 991882
If you find yourself with a massive number of lines printing to the terminal, pressing
CTRL-C will stop the output of the file.
Write a command to count the number of firewall events in the file.
Your command should exclude the header using a simple regular
Notice that the firewall event fields are delimited by a single space and contain the following
data points: date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, size
Write a command to count the number of unique values in the src-ip
The date field follows the format YYYY-MM-DD; the month and day values are padded to 2
Write a command to count the number of events that match these
The event occurred in August, 2018 OR on July 4th 2018
2018-08-xx OR 2018-07-04
The dst-port field is either 80 or 443
the action field is ACCEPT
The time field follows the format HH:MM:SS
Write a command to count the number of events that meet this
The event occurred between midnight and 3 AM
00:00:00 to 03:00:00
The dst-port is 22
The action is DROP
The protocol is TCP
For the last remaining question in part 1, recall that man pages provide details on available
arguments for the majority of programs on a Linux computer.
Write a command to display the src-ip value for events that match
the following criteria:
The size field is less than or equal to 500
the dst-ip field starts with 10.202.40
Part 2 - 20 points
For this part, you will need to make use of the
programs. Study the man
pages for these programs to assist you with answering this question.
(10 points Each)
Write a command to print the date and time of the earliest event in
the firewall.log file.
Create a second command to print the date and time of the latest
event in the file.
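The tasks above (count events without the header, count distinct src-ip values, filter on date, time, port, action and protocol, print src-ip for small packets to one subnet, and find the earliest and latest event) are all one-liners over a space-delimited log. The POSIX shell script below is an added, worked example and is not part of the assignment or its answer; it writes a small constructed firewall.log in the header format shown above to a temporary path (the sample rows, the `LOG` variable and the function names are all assumptions made for this example) and puts each answer in a named function built only from grep, awk, sort, head and tail.

```shell
#!/bin/sh
# Added example, not from the assignment. Constructed sample data in the
# format shown in the question (same header, 9 space-delimited fields).
LOG="${TMPDIR:-/tmp}/firewall_example.log"
cat > "$LOG" <<'EOF'
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2018-05-25 11:47:02 FORWARD TCP 18.104.22.168 10.202.41.103 2176 7 123
2018-02-22 03:34:00 FORWARD UDP 22.214.171.124 10.202.40.101 2075 65 116445
2018-08-03 02:15:41 ACCEPT TCP 18.104.22.168 10.202.40.102 2190 443 4096
2018-07-04 13:00:12 ACCEPT TCP 126.96.36.199 10.202.41.101 2189 80 512
2018-07-05 00:10:09 DROP TCP 10.101.8.64 10.202.40.103 2158 22 200
2018-11-08 14:14:47 REJECT TCP 10.101.8.64 10.202.40.103 2158 63 164259
2018-03-20 04:47:11 REJECT UDP 126.96.36.199 10.202.41.101 2189 97 985631
2018-01-01 00:00:00 DROP TCP 188.8.131.52 10.202.40.103 2089 22 300
2018-07-24 22:46:54 REJECT TCP 188.8.131.52 10.202.41.103 2089 61 991882
EOF

# Part 1, task 1: count events, excluding header lines with a simple regex.
# -v inverts the match, -c prints the count of (non-)matching lines.
count_events() { grep -vc '^#' "$1"; }

# Part 1, task 2: number of distinct src-ip values (field 5).
# Counting in awk avoids the leading-space output of wc -l on some systems.
count_unique_src() {
  awk '!/^#/ && !seen[$5]++ { n++ } END { print n + 0 }' "$1"
}

# Part 1, task 3: August 2018 or 2018-07-04, dst-port 80 or 443, action ACCEPT.
count_web_accept() {
  awk '!/^#/ && ($1 ~ /^2018-08-/ || $1 == "2018-07-04") \
       && $3 == "ACCEPT" && ($8 == 80 || $8 == 443) { n++ }
       END { print n + 0 }' "$1"
}

# Part 1, task 4: midnight to 03:00:00, dst-port 22, DROP, TCP.
# HH:MM:SS is fixed-width and zero-padded, so string comparison orders correctly.
count_night_ssh_drop() {
  awk '!/^#/ && $2 >= "00:00:00" && $2 <= "03:00:00" \
       && $8 == 22 && $3 == "DROP" && $4 == "TCP" { n++ }
       END { print n + 0 }' "$1"
}

# Part 1, task 5: src-ip where size <= 500 and dst-ip starts with 10.202.40.
# The trailing escaped dot stops the pattern matching 10.202.400.x style strings.
src_small_to_40() {
  awk '!/^#/ && $9 <= 500 && $6 ~ /^10\.202\.40\./ { print $5 }' "$1"
}

# Part 2: earliest and latest event. YYYY-MM-DD HH:MM:SS sorts correctly as
# plain text, so sort on the first two fields under the C locale and take an end.
earliest_event() {
  grep -v '^#' "$1" | LC_ALL=C sort -k1,2 | head -n 1 | awk '{ print $1, $2 }'
}
latest_event() {
  grep -v '^#' "$1" | LC_ALL=C sort -k1,2 | tail -n 1 | awk '{ print $1, $2 }'
}

# Run every task against the sample file when the script is executed directly.
echo "events:            $(count_events "$LOG")"
echo "unique src-ip:     $(count_unique_src "$LOG")"
echo "web ACCEPT:        $(count_web_accept "$LOG")"
echo "night ssh DROP:    $(count_night_ssh_drop "$LOG")"
echo "src-ip <=500 to .40:"
src_small_to_40 "$LOG"
echo "earliest:          $(earliest_event "$LOG")"
echo "latest:            $(latest_event "$LOG")"
```

Each function takes the log path as its argument, so the same commands apply to the real firewall.log by swapping the path. The header is excluded with `^#` rather than by skipping a fixed number of lines, which is safer if a later export adds or drops a header line; the date and time filters work as string comparisons only because both fields are zero-padded and fixed-width, which is exactly why the question points that out.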