8.22.2009

NSM: Web/email traffic analysis with Bro-IDS

:: Top 10 email senders: grep "FROM: " [Bro_mime.log] | egrep -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" | sort | uniq -c | sort -nr | head -n 10
:: Top 10 email recipients: grep "TO: " [Bro_mime.log] | grep -v -- "-TO: " | egrep -o "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}" | sort | uniq -c | sort -nr | head -n 10 (the second grep keeps REPLY-TO: and IN-REPLY-TO: headers out of the recipient count; the older regex \w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6} truncated addresses with dotted local parts or sub-domains, e.g. john.doe@mail.example.com came out as doe@mail.exampl, so the counts were split across fragments)
:: Top 10 web browser/client apps: grep -i user-agent [Bro_http.log] | cut -f6- -d' ' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 web servers (based on HTTP objects): grep "HOST: " [Bro_http.log] | awk '{ print$5 }' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 DNS A-record queries: grep "query ?A" [Bro_dns.log] | awk '{ print$6 }' | sort | uniq -c | sort -nr | head -n 10
:: Top 10 HTTP server response codes: pcregrep -o '\(\d{3} "' [Bro_http.log] | cut -c 2-4 | sort | uniq -c | sort -nr | head -n 10
:: HTTP POST/GET counts: pcregrep -o '\b(POST|GET)\b' [Bro_http.log] | sort | uniq -c | sort -nr (the \b anchors matter: a bare "POST|GET" also counts every GET embedded in a URL or header value such as /BUDGET.xls or TARGET, which inflates the GET figure)
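The same "grep | sort | uniq -c | sort -nr" recipe as above, packaged as shell functions so the two pitfalls (truncated addresses and GET matched inside other words) are visible side by side. This is an added example, not code from the original post or from the Bro project; the log lines are constructed, and the exact column layout of a Bro 1.x mime.log/http.log line is an assumption. Like the one-liners, the functions rely only on the "HEADER: value" substring and the (NNN "reason" ...) status field, not on column positions.

```shell
#!/bin/sh
# Added example, not part of the original post. Sample lines are CONSTRUCTED;
# the field layout is an assumption, only the "HEADER: value" text matters.

SAMPLE_MIME='1250954240.10 #1 FROM: Alice Smith <alice.smith@corp.example.com>
1250954240.10 #1 TO: bob@mail.example.com
1250954240.10 #1 REPLY-TO: noreply@bulk.example.net
1250954241.20 #2 FROM: alice.smith@corp.example.com
1250954241.20 #2 TO: bob@mail.example.com, carol_j@example.org
1250954242.30 #3 FROM: root@localhost
1250954242.30 #3 TO: carol_j@example.org'

SAMPLE_HTTP='1250954243.40 %1 start 10.0.0.5 > 93.184.216.34
1250954243.40 %1 GET /index.html (200 "OK" [1256])
1250954243.41 %1 > HOST: www.example.com
1250954243.41 %1 > USER-AGENT: Mozilla/5.0 (X11; Linux) Gecko/2009
1250954244.50 %2 POST /upload (302 "Found" [0])
1250954244.50 %2 > HOST: www.example.com
1250954245.60 %3 GET /BUDGET_2009.xls (404 "Not Found" [0])
1250954246.70 %4 GET /logo.png (200 "OK" [4096])'

# Address pattern: dotted local parts, sub-domains and digits are kept whole.
# A bare host with no dot (root@localhost) is deliberately not matched, just
# as the original one-liner required a "\." in the domain.
ADDR_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'

# top_addrs HEADER [N]  (reads the log on stdin)
# Counts addresses on lines carrying exactly "HEADER: ", so HEADER=TO does
# not pick up REPLY-TO: or IN-REPLY-TO:. Output: "count address".
top_addrs() {
    hdr=$1; n=${2:-10}
    grep -E "(^|[[:space:]])$hdr: " \
    | grep -E -o "$ADDR_RE" \
    | sort | uniq -c | sort -rn | head -n "$n" \
    | awk '{ print $1, $2 }'
}

# naive_method_counts: the unanchored pattern from the original one-liner.
# "GET" inside /BUDGET_2009.xls is counted as a request.
naive_method_counts() {
    grep -E -o 'POST|GET' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# http_method_counts: whole-word match only (grep -w), so only real methods
# are counted. Add HEAD/PUT/DELETE to the alternation if the logs carry them.
http_method_counts() {
    grep -E -o -w '(GET|POST)' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# status_counts: the 3-digit code from the '(NNN "reason"' field.
status_counts() {
    grep -E -o '\([0-9]{3} "' | cut -c 2-4 \
    | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Stand-alone run over the constructed samples.
echo "== senders";    printf '%s\n' "$SAMPLE_MIME" | top_addrs FROM
echo "== recipients"; printf '%s\n' "$SAMPLE_MIME" | top_addrs TO
echo "== methods (naive)";   printf '%s\n' "$SAMPLE_HTTP" | naive_method_counts
echo "== methods (anchored)"; printf '%s\n' "$SAMPLE_HTTP" | http_method_counts
echo "== status codes"; printf '%s\n' "$SAMPLE_HTTP" | status_counts
```

On the sample, the naive pattern reports four GETs against three real GET requests, and the recipient count excludes the REPLY-TO: line while keeping both addresses of the comma-separated TO: header.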
