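#!/bin/bash
#
# Incident-response helper: copies the main system log files into one
# timestamped text report in the current working directory.
#
# Notes for the responder:
#   - Which of these files exist depends on the distribution. A source that
#     is missing or unreadable is recorded in the report, so a gap is visible
#     to whoever reads it later.
#   - Read access to /var/log is commonly restricted; run with enough
#     privilege or expect "not collected" entries.
#   - Only the current log files are copied. Rotated copies, and any logs kept
#     only in a journal rather than in these text files, are not collected.
#   - Timestamps use the host's local time zone (plain `date`).

set -u

# The report contains authentication and kernel logs, so create it readable
# by the owner only.
umask 077

# Take the timestamp once so the file name and the report header agree.
report_time=$(date +%Y-%m-%d-%H-%M-%S)
output_file="Incident_Report_Logs_Entries_${report_time}.txt"

#######################################
# Append one log file to the report under a section header.
# Globals:   output_file (read)
# Arguments: $1 - section title, $2 - path of the log file
# Outputs:   appends to $output_file; warns on stderr if the log is skipped
#######################################
append_log() {
  local title=$1
  local log_path=$2

  {
    printf '============= %s ============\n' "$title"
    if [[ -r "$log_path" ]]; then
      cat -- "$log_path"
    else
      # Record the gap inside the report instead of only on the terminal.
      printf '[not collected: %s is missing or not readable]\n' "$log_path"
      printf 'warning: %s is missing or not readable\n' "$log_path" >&2
    fi
    printf '\n'
  } >> "$output_file"
}

# Show the report time on the terminal and keep it in the report as well.
printf 'Date & Time of Report - %s\n' "$report_time" | tee -a "$output_file"

# List of log entries
{
  printf '%s\n' "====================== Logs Entries ====================="
  printf ' \n'
} >> "$output_file"

append_log "System Messages Logs" /var/log/messages
append_log "Users Authentication Logs" /var/log/auth.log
append_log "System Boot Logs" /var/log/boot.log
# /var/log/dmesg is the on-disk copy; the live ring buffer (`dmesg`) may
# hold newer entries that this file does not.
append_log "Kernel Ring Buffer Logs" /var/log/dmesg
append_log "kernel logs" /var/log/kern.log
append_log "Syslogs" /var/log/syslog

printf '%s\n' "====================== Logs Entries =====================" >> "$output_file"

echo "Logs Entries Incident Report is saved to $output_file"

# Print a digest of the finished report so later copies can be checked
# against it.
if command -v sha256sum > /dev/null 2>&1; then
  printf 'SHA-256: %s\n' "$(sha256sum -- "$output_file")"
fi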