I have a log (IPs and user name altered):
Time - ID - Command - Argument
2018-05-16T18:06:23.680096Z 225 Connect Access denied for user 'admin'@'214.76.36.55' (using password: YES)
2018-05-16T18:06:25.389937Z 226 Connect admin@214.76.36.55 on using TCP/IP
2018-05-16T18:06:25.390134Z 226 Connect Access denied for user 'admin'@'218.76.36.55' (using password: YES)
2018-05-16T18:15:49.136165Z 227 Connect ruff@205.181.75.173 on using TCP/IP
2018-05-16T18:15:49.213672Z 227 Query select @@version_comment limit 1
2018-05-16T18:15:52.691468Z 227 Quit
I'd like to build a query that will show me any two lines where line 1 has a "Connect" and the NEXT line has a "Query":
2018-05-16T18:06:25.390134Z 226 Connect Access denied for user 'admin'@'218.76.36.55' (using password: YES)
2018-05-16T18:15:49.136165Z 227 Connect ruff@205.181.75.173 on using TCP/IP
Note, the 226 and 227 (ID) appear to be unique for each attempt, i.e. both 226's are related to the same connection, and the 227 Connect, Query and Quit are all part of the same connection. Also, some of the lines are not formatted so nicely.
I'm stumped!! Thanks in advance.
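An added example, not the asker's query or any particular log tool's syntax (the post does not say which tool is in use, so this is plain Python over the lines quoted above): it parses the MySQL general-log layout shown in the post, returns the Connect/Query pairs the question asks for (optionally requiring both lines to share a connection ID, per the note about 226 and 227), skips lines that do not parse, and also pulls out the "Access denied" attempts a defender reviewing this log would want listed.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: the lines from the post (IPs and user names already altered there).
SAMPLE_LOG = """\
Time - ID - Command - Argument
2018-05-16T18:06:23.680096Z 225 Connect Access denied for user 'admin'@'214.76.36.55' (using password: YES)
2018-05-16T18:06:25.389937Z 226 Connect admin@214.76.36.55 on using TCP/IP
2018-05-16T18:06:25.390134Z 226 Connect Access denied for user 'admin'@'218.76.36.55' (using password: YES)
2018-05-16T18:15:49.136165Z 227 Connect ruff@205.181.75.173 on using TCP/IP
2018-05-16T18:15:49.213672Z 227 Query select @@version_comment limit 1
2018-05-16T18:15:52.691468Z 227 Quit
"""

# <timestamp ending in Z> <connection id> <command> <argument, possibly empty as for Quit>
LINE_RE = re.compile(r"^(\S+Z)\s+(\d+)\s+(\w+)\s*(.*)$")
DENIED_RE = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")

def parse(line: str) -> Optional[Tuple[str, int, str, str]]:
    """Return (time, conn_id, command, argument), or None for a line that does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header row, wrapped continuation, or otherwise "not so nicely formatted"
    return m.group(1), int(m.group(2)), m.group(3), m.group(4)

def connect_then_query(text: str, same_id: bool = True) -> List[Tuple[str, str]]:
    """Pairs of raw lines where a Connect line is immediately followed by a Query line.
    With same_id=True both lines must carry the same connection ID (226/227 in the post)."""
    pairs = []
    raw = [l for l in text.splitlines() if l.strip()]
    for prev, cur in zip(raw, raw[1:]):
        p, c = parse(prev), parse(cur)
        if p is None or c is None:
            continue
        if p[2] == "Connect" and c[2] == "Query" and (not same_id or p[1] == c[1]):
            pairs.append((prev, cur))
    return pairs

def denied_logins(text: str) -> List[Tuple[int, str, str]]:
    """(conn_id, user, host) for every Connect line that was an 'Access denied'."""
    hits = []
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec[2] == "Connect":
            m = DENIED_RE.search(rec[3])
            if m:
                hits.append((rec[1], m.group(1), m.group(2)))
    return hits
```

On the sample this yields exactly one pair (the 227 Connect followed by the 227 Query) and two denied attempts for 'admin'.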