#!/bin/bash
# oracle_audit_interactive.sh
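# Summarise audit records from *.aud files below the current directory that
# were modified within the last N minutes.
#   - No ACTION given: number of matching records per ACTION code.
#   - ACTION given:    per-USERID count, taking at most one record per file
#                      (the first record in that file carrying the ACTION).
#
# Requires gawk: the three-argument match() used below is a gawk extension.
#
# Both answers are validated as plain decimal numbers before use. MINUTES is
# handed to find(1) as the -mmin argument and ACTION is spliced into an awk
# dynamic regex (and passed through awk -v, which interprets backslash
# escapes), so any other input could silently widen or break the filter and
# skew the audit summary.

# -r keeps backslashes literal instead of letting read interpret them.
read -r -p "Enter minutes to look back (default 60): " MINUTES
MINUTES=${MINUTES:-60}
if ! [[ "$MINUTES" =~ ^[0-9]+$ ]]; then
  printf 'error: minutes must be a whole number, got: %s\n' "$MINUTES" >&2
  exit 2
fi

read -r -p "Enter ACTION code to filter (press Enter for all actions): " ACTION
if [[ -n "$ACTION" && ! "$ACTION" =~ ^[0-9]+$ ]]; then
  printf 'error: ACTION must be a numeric code, got: %s\n' "$ACTION" >&2
  exit 2
fi

if [[ -z "$ACTION" ]]; then
  echo "Showing ALL actions in last $MINUTES minutes"
  echo "---------------------------------------------"
  # Emit the ACTION code of every record that has one, then tally the codes.
  find . -name "*.aud" -mmin -"$MINUTES" -exec awk '
    {
      if (match($0, /ACTION:\[[0-9]+\] "([0-9]+)"/, a))
        print a[1]
    }
  ' {} + \
    | sort \
    | uniq -c \
    | sort -nr
else
  echo "Showing USERID counts for ACTION=$ACTION in last $MINUTES minutes"
  echo "---------------------------------------------------------------"
  # seen[FILENAME] is bumped on the first record with the requested ACTION, so
  # each file contributes at most one USERID. If that first record has no
  # USERID field, the file contributes nothing.
  find . -name "*.aud" -mmin -"$MINUTES" -exec awk -v act="$ACTION" '
    $0 ~ "ACTION:\\[[0-9]+\\] \"" act "\"" {
      if (!seen[FILENAME]++) {
        if (match($0, /USERID:\[[0-9]+\] "([^"]+)"/, u))
          print u[1]
      }
    }
  ' {} + \
    | sort \
    | uniq -c \
    | sort -nr
fi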
Monday, February 9, 2026
OS_auditmon_action