Pattern Matching
Print lines containing a pattern
cat <<'EOF' > /tmp/syslog-demo.txt
2026-04-11 08:12:01 ERROR vault-01 auth: token expired for user admin
2026-04-11 08:12:03 INFO vault-01 audit: policy lookup succeeded
2026-04-11 08:12:05 WARN pfsense dns: upstream timeout 10.50.1.1
2026-04-11 08:12:07 ERROR ise-01 radius: EAP-TLS handshake failed client 98:BB:1E:1F:A7:13
2026-04-11 08:12:09 INFO bind-01 named: zone transfer complete
EOF
awk '/ERROR/' /tmp/syslog-demo.txt
Print lines NOT matching a pattern
cat <<'EOF' > /tmp/syslog-demo.txt
2026-04-11 08:12:01 ERROR vault-01 auth: token expired for user admin
2026-04-11 08:12:03 INFO vault-01 audit: policy lookup succeeded
# This is a comment line
2026-04-11 08:12:05 WARN pfsense dns: upstream timeout 10.50.1.1
# Another comment
2026-04-11 08:12:07 ERROR ise-01 radius: EAP-TLS handshake failed
EOF
awk '!/comment/' /tmp/syslog-demo.txt
Field matches regex — first field starts with "vault"
cat <<'EOF' > /tmp/services.txt
vault-01 10.50.1.30 8200 active
vault-02 10.50.1.31 8200 standby
ise-01 10.50.1.20 443 active
bind-01 10.50.1.40 53 active
vault-dr 10.50.2.30 8200 sealed
EOF
awk '$1 ~ /^vault/' /tmp/services.txt
Field does NOT contain pattern
cat <<'EOF' > /tmp/auth-log.txt
2026-04-11 08:15:01 admin login succeeded 10.50.1.100
2026-04-11 08:15:03 jsmith login failed 10.50.1.105
2026-04-11 08:15:05 admin sudo succeeded 10.50.1.100
2026-04-11 08:15:07 deploy login failed 10.50.1.110
2026-04-11 08:15:09 admin login succeeded 10.50.1.100
EOF
awk '$5 !~ /failed/' /tmp/auth-log.txt
Case-insensitive match (POSIX)
cat <<'EOF' > /tmp/mixed-log.txt
2026-04-11 09:00:01 Error: disk usage at 92%
2026-04-11 09:00:02 INFO: backup completed
2026-04-11 09:00:03 error: NTP sync drift exceeded 500ms
2026-04-11 09:00:04 WARNING: certificate expires in 7 days
2026-04-11 09:00:05 ERROR: RADIUS server unreachable
EOF
awk 'tolower($0) ~ /error/' /tmp/mixed-log.txt
Case-insensitive match (GNU awk)
cat <<'EOF' > /tmp/mixed-log.txt
2026-04-11 09:00:01 Error: disk usage at 92%
2026-04-11 09:00:02 INFO: backup completed
2026-04-11 09:00:03 error: NTP sync drift exceeded 500ms
2026-04-11 09:00:04 WARNING: certificate expires in 7 days
2026-04-11 09:00:05 ERROR: RADIUS server unreachable
EOF
awk 'BEGIN{IGNORECASE=1} /error/' /tmp/mixed-log.txt
OR — match either pattern
cat <<'EOF' > /tmp/syslog-demo.txt
2026-04-11 08:12:01 ERROR vault-01 auth: token expired for user admin
2026-04-11 08:12:03 INFO vault-01 audit: policy lookup succeeded
2026-04-11 08:12:05 WARN pfsense dns: upstream timeout 10.50.1.1
2026-04-11 08:12:07 ERROR ise-01 radius: EAP-TLS handshake failed
2026-04-11 08:12:09 INFO bind-01 named: zone transfer complete
EOF
awk '/ERROR/ || /WARN/' /tmp/syslog-demo.txt
AND — both patterns on same line
cat <<'EOF' > /tmp/syslog-demo.txt
2026-04-11 08:12:01 ERROR vault-01 auth: token expired for user admin
2026-04-11 08:12:03 INFO vault-01 audit: policy lookup succeeded
2026-04-11 08:12:05 WARN pfsense auth: certificate mismatch
2026-04-11 08:12:07 ERROR ise-01 auth: EAP-TLS handshake failed
2026-04-11 08:12:09 ERROR bind-01 named: zone transfer refused
EOF
awk '/ERROR/ && /auth/' /tmp/syslog-demo.txt
Numeric comparison — third field greater than 100
cat <<'EOF' > /tmp/metrics.txt
vault-01 connections 142 active
ise-01 connections 87 active
bind-01 queries 2031 active
pfsense sessions 56 active
haproxy connections 310 active
EOF
awk '$3 > 100' /tmp/metrics.txt
Exact string match on a field
cat <<'EOF' > /tmp/inventory.txt
vault-01 10.50.1.30 active
vault-02 10.50.1.31 standby
ise-01 10.50.1.20 active
vault-01 10.50.1.30 active
bind-01 10.50.1.40 active
EOF
awk '$1 == "vault-01"' /tmp/inventory.txt
Compound condition — field match plus numeric threshold
cat <<'EOF' > /tmp/alert-log.txt
ERROR auth 8 vault-01 token_expired
WARN dns 2 bind-01 upstream_timeout
ERROR auth 12 ise-01 eap_tls_failure
INFO audit 1 vault-01 policy_read
ERROR disk 3 pfsense zpool_degraded
EOF
awk '$1 == "ERROR" && $3 > 5 {print $2, $4}' /tmp/alert-log.txt
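Two pitfalls of the patterns above when they feed alerting, shown as an added example (not part of the original page; the function names and sample data are constructed for illustration). A line-level /ERROR/ also matches the word inside message text, which may be supplied by a client, and a numeric test such as $3 > 100 falls back to string comparison when the field is not a number.

```shell
#!/bin/sh
# Constructed log lines. Fields: date time level host message...
sample_log() {
cat <<'EOF'
2026-04-11 08:12:01 ERROR vault-01 auth: token expired for user admin
2026-04-11 08:12:03 INFO web-01 http: GET /search?q=ERROR 200
2026-04-11 08:12:05 INFO vault-01 auth: login ok for user ERRORS
2026-04-11 08:12:07 WARN pfsense dns: upstream timeout 10.50.1.1
EOF
}

# Constructed metrics. The third field is not always a number.
sample_metrics() {
cat <<'EOF'
vault-01 connections 142 active
ise-01 connections 87 active
bind-01 queries n/a down
haproxy connections 310 active
EOF
}

# Line-level match: counts every line containing ERROR anywhere,
# including request strings and usernames in the message text.
count_line_match() { sample_log | awk '/ERROR/ {n++} END {print n+0}'; }

# Field-level match: counts only lines whose severity field is exactly ERROR.
count_field_match() { sample_log | awk '$3 == "ERROR" {n++} END {print n+0}'; }

# Naive threshold: "n/a" is not numeric, so awk compares strings
# and "n/a" sorts after "100", which makes the test true.
hosts_over_naive() {
  sample_metrics | awk '$3 > 100 {printf "%s%s", sep, $1; sep=","}'
}

# Strict threshold: require a digits-only field before comparing.
hosts_over_strict() {
  sample_metrics | awk '$3 ~ /^[0-9]+$/ && $3 > 100 {printf "%s%s", sep, $1; sep=","}'
}

echo "line match /ERROR/:     $(count_line_match)"
echo "field match \$3==ERROR:  $(count_field_match)"
echo "naive  \$3 > 100:        $(hosts_over_naive)"
echo "strict \$3 > 100:        $(hosts_over_strict)"
```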
High CPU processes — numeric filter on ps output
ps aux | awk '$3 > 50 {printf "%-10s PID:%-6s CPU:%s%%\n", $1, $2, $3}'