
The Art of Log Analysis (Grep, Awk, Sed)

Modern DevSecOps (The Hard Way)

CLI Text Processing for Security

Logs are the breadcrumbs of an attacker. You must be fast with CLI text tools.

Common Tasks:

  • Find failed SSH logins: grep "Failed password" /var/log/auth.log
  • Count requests per unique IP in access logs: awk '{print $1}' access.log | sort | uniq -c
  • Replace sensitive data in logs (here, every run of four digits is masked and the result is written to stdout): sed 's/[0-9]\{4\}/XXXX/g' logfile
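
The first two tasks combined into one pipeline, plus a narrower redaction pattern that leaves ports and PIDs intact, as an added example that is not part of the original lesson. The log lines are constructed, assume the traditional syslog timestamp format, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Constructed sample auth.log lines (documentation IP ranges, not a real host).
sample_auth_log() {
cat <<'EOF'
Mar 10 06:25:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 52214 ssh2
Mar 10 06:25:03 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 52216 ssh2
Mar 10 06:25:09 web01 sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Mar 10 06:26:11 web01 sshd[1210]: Accepted password for deploy from 192.0.2.10 port 51000 ssh2
Mar 10 06:26:40 web01 sshd[1215]: Failed password for invalid user test user from 203.0.113.7 port 52301 ssh2
Mar 10 06:27:02 web01 sshd[1220]: Failed password for deploy from 192.0.2.10 port 51044 ssh2
EOF
}

# Print the source IP of every sshd "Failed password" event on stdin.
# The username is supplied by the remote client and may contain spaces, and
# "invalid user" shifts the columns, so a fixed field number is unreliable.
# The message start is checked, then the IP is read relative to the line end.
failed_ips() {
  awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
       $(NF-4) == "from" && $(NF-2) == "port" { print $(NF-3) }'
}

# Failures per source IP, busiest first, one "<count> <ip>" per line.
failed_by_ip() {
  failed_ips | sort | uniq -c | awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# Mask only the last octet of IPv4 addresses before sharing an excerpt.
mask_ips() {
  sed -E 's/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\.[0-9]{1,3}/\1.xxx/g'
}

sample_auth_log | failed_by_ip
sample_auth_log | mask_ips | head -n 1
```

Against a real host, feed the functions from the file instead of the sample, for example `failed_by_ip < /var/log/auth.log`.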

Mastering these tools is essential for incident response.