Mission 322

Three-stage evidence pipeline

Search, number, and limit log evidence in one bounded pipeline.

Text and logs
8 minutes Admin Lesson 322 of 360
grepnlhead
Lesson 322 of 360 0/360 lessons 0/17 missions Text and logs · 8 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 8 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Find denied events

Run grep denied /var/log/auth.log.

grep denied /var/log/auth.log
Number denied events

Run grep denied /var/log/auth.log | nl.

grep denied /var/log/auth.log | nl
Limit the evidence view

Run grep denied /var/log/auth.log | nl | head -n 3.

grep denied /var/log/auth.log | nl | head -n 3
Lesson support

What to notice while you play.

Objective

Build repeatable confidence with building a readable multi-stage text pipeline.

Hint

Start with grep denied /var/log/auth.log, inspect the result, then continue in order.

Why it matters

Building a readable multi-stage text pipeline helps operators explain what they know before they change anything.

Common mistakes
  • Skipping the output that proves building a readable multi-stage text pipeline.
  • Changing several things before recording a baseline.
Reference

Commands in this lesson.

head|tail [-n N] <file>

Read the beginning or end of a file.

grep [-i] <text> <file>

Find literal text inside a file.

nl [file]

Number lines from a file or supported text pipeline.