Sort your problems😅✌🏼
Hey guys & welcome to this new segment where I’ll be sharing some Linux tips from time to time. For a long time I’ve wanted to learn how to use the “Swiss Army applets of Linux”, one of them being sort.
sort is a command-line tool used to sort the lines of text files.
In my forthcoming blogs, I wish to cover more tools like
- awk
- sed
- cut
- grep
- diff
- head & tail
- find
- locate
Etc Etc…
Let’s have a look at some sample text that we are going to use for this demo.
root@oste:/home/ubuntu/sort# cat sample.txt
Malachi
Elisha
Trey
Nathanial
Zander
Harrison
Bryson
Kamden
Salvatore
Cael
Dale
Luis
The most basic way to sort text in alphabetical order is to run the sort command without specifying any arguments, as shown below:
You can also sort the data and write the output to another file as shown, and still get the same results.
If you’d like the text displayed in reverse order, we can append the -r argument as follows:
where:
-r, --reverse (reverse the result of comparisons)
Let’s take this a step further. Assume we have the same data, but this time round with a second column containing numbers.
root@oste:/home/ubuntu/sort# cat sample2.txt
Malachi 45
Elisha 75
Trey 84
Nathanial 99
Zander 85
Harrison 84
Bryson 80
Kamden 68
Salvatore 75
Cael 96
Dale 100
Luis 87
If you would like to sort this data by the numbers in the second column rather than in alphabetical order, we can do:
sort -k 2n sample2.txt
where:
-n, --numeric-sort (compare according to string numerical value)
-k, --key=KEYDEF (sort via a key; KEYDEF gives location and type)
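The options covered so far, run against the page's sample2.txt, as an added example that is not part of the original post. It also shows how sort breaks ties on equal keys and why -o is the safe way to write the result back to the input file. The function names and the scratch directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Data: the page's sample2.txt.
export LC_ALL=C                 # fixed byte-order collation, results do not vary by locale

WORK=$(mktemp -d)               # scratch directory (assumption: mktemp is available)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/sample2.txt" <<'EOF'
Malachi 45
Elisha 75
Trey 84
Nathanial 99
Zander 85
Harrison 84
Bryson 80
Kamden 68
Salvatore 75
Cael 96
Dale 100
Luis 87
EOF

# Plain alphabetical sort, and the same comparison reversed with -r.
by_name()      { sort "$WORK/sample2.txt"; }
by_name_desc() { sort -r "$WORK/sample2.txt"; }

# Writing the result to a file. 'sort f > f' would truncate f before sort
# reads it; 'sort -o f f' reads all input first, so sorting in place is safe.
sort_in_place() {
    cp "$WORK/sample2.txt" "$WORK/copy.txt"
    sort -o "$WORK/copy.txt" "$WORK/copy.txt"
    cat "$WORK/copy.txt"
}

# The page's command: numeric key starting at field 2. Lines with equal
# numbers (84, 75) are then ordered by a last-resort whole-line comparison,
# so "Harrison 84" comes before "Trey 84".
by_score() { sort -k 2n "$WORK/sample2.txt"; }

# -s (stable) disables the last-resort comparison: ties keep their input
# order, so "Trey 84" (earlier in the file) stays ahead of "Harrison 84".
by_score_stable() { sort -s -k2,2n "$WORK/sample2.txt"; }

# Highest numbers first, ties broken explicitly by name: the key is limited
# to field 2 (-k2,2) with n and r attached, and field 1 is the second key.
top_scores() { sort -k2,2nr -k1,1 "$WORK/sample2.txt" | head -n "${1:-3}"; }

echo "== by name ==";            by_name
echo "== by name, reversed ==";  by_name_desc
echo "== by score ==";           by_score
echo "== by score, stable ==";   by_score_stable
echo "== top 3 ==";              top_scores 3
```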
Numerical Sort
Demo text
root@oste:/home/ubuntu/sort# cat numbers
43
45
67
67
98
87
78
54
44
Assuming you have such data, we can use the -n argument to numerically sort it as follows:
In reverse order:
Sorting Months
The -M argument is used to sort months of the year.
Random Sort
-R, --random-sort
Removing Duplicates
Demo text
root@oste:/home/ubuntu/sort# cat sample3.txt
root
root
root
admin
admin1234
jquery
robots
security
security
robots
redis
redis
redis
redis
toor
admin1234
Say you have a file in which several words are duplicated, and you want to sort them in alphabetical order while removing the duplicates. You can run the following command:
sort -u sample3.txt
where:
-u, --unique
Practical
auth.log
Sample log file. We can combine the sort command with other tools like grep, cut, awk, sed, etc.
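Chaining sort with grep, awk and uniq for a quick review of an auth.log, as an added example that is not part of the original post. The log lines are a small constructed sample in the same syslog layout as the page's file, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): auth.log triage with sort.
export LC_ALL=C   # English month names for -M, byte-order comparisons elsewhere

# Constructed sample in the page's auth.log layout, deliberately out of order.
# The "Jun" line is included because "Jun" sorts before "May" alphabetically.
sample_log() {
cat <<'EOF'
May 7 21:17:01 oste CRON[4073277]: pam_unix(cron:session): session opened for user root by (uid=0)
May 2 11:40:14 oste sshd[1262149]: Accepted password for ubuntu from 192.168.1.22 port 1292 ssh2
Jun 1 00:17:01 oste CRON[1000]: pam_unix(cron:session): session opened for user root by (uid=0)
May 2 18:05:59 oste sshd[136865]: Accepted password for ubuntu from 192.168.1.6 port 1341 ssh2
May 2 11:41:08 oste sshd[1263109]: Accepted password for ubuntu from 192.168.1.22 port 1298 ssh2
May 2 22:30:56 oste sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu/ctf-temp ; USER=root ; COMMAND=/usr/bin/su
May 2 11:40:15 oste sshd[1262191]: Accepted password for ubuntu from 192.168.1.22 port 1293 ssh2
May 2 18:06:00 oste sshd[136876]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
May 1 16:17:01 oste CRON[695121]: pam_unix(cron:session): session closed for user root
EOF
}

# Chronological order: month name (-M), then day as a number, then HH:MM:SS
# as text. Syslog timestamps carry no year, so this ordering only holds for
# entries from a single calendar year.
chronological() {
    sample_log | sort -k1,1M -k2,2n -k3,3
}

# Successful SSH password logins per source address, busiest first.
# uniq -c needs sorted input; the second sort ranks the counts (numeric,
# reversed) and uses the address as a tie-breaker.
logins_by_ip() {
    sample_log | grep 'Accepted password for' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' |
        sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Accounts that had a PAM session opened, one line per account (sort -u).
session_users() {
    sample_log | grep 'session opened for user' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "user") print $(i + 1) }' |
        sort -u
}

echo "== chronological ==";           chronological
echo "== accepted logins per IP ==";  logins_by_ip
echo "== users with sessions ==";     session_users
```

To run the same pipelines on a real file, replace sample_log with cat /var/log/auth.log (reading it usually requires root or membership of the adm group).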
Removed session 5. May 3 15:17:01 oste CRON[1092309]: pam_unix(cron:session): session closed for user root May 4 20:17:01 oste CRON[1939126]: pam_unix(cron:session): session closed for user root May 3 07:17:01 oste CRON[792193]: pam_unix(cron:session): session closed for user root May 2 15:17:01 oste CRON[54701]: pam_unix(cron:session): session closed for user root May 3 10:50:30 oste sshd[136865]: pam_unix(sshd:session): session closed for user ubuntu May 6 22:17:01 oste CRON[3401161]: pam_unix(cron:session): session closed for user root May 1 17:17:02 oste CRON[724370]: pam_unix(cron:session): session opened for user root by (uid=0) May 5 20:17:01 oste CRON[2640090]: pam_unix(cron:session): session closed for user root May 2 22:30:56 oste sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0) May 2 12:17:01 oste CRON[1292919]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 22:17:01 oste CRON[870498]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 15:17:01 oste CRON[665913]: pam_unix(cron:session): session opened for user root by (uid=0) May 7 16:17:01 oste CRON[3927307]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 10:17:01 oste CRON[519917]: pam_unix(cron:session): session opened for user root by (uid=0) May 5 11:17:01 oste CRON[2376946]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 04:17:01 oste CRON[344468]: pam_unix(cron:session): session closed for user root May 1 10:17:01 oste CRON[519917]: pam_unix(cron:session): session closed for user root May 2 14:17:01 oste CRON[25510]: pam_unix(cron:session): session closed for user root May 1 04:17:01 oste CRON[344468]: pam_unix(cron:session): session opened for user root by (uid=0) May 4 06:25:03 oste CRON[1534112]: pam_unix(cron:session): session closed for user root May 5 02:17:01 oste CRON[2114379]: pam_unix(cron:session): session opened for user root by (uid=0) May 2 18:17:01 oste CRON[146173]: 
pam_unix(cron:session): session opened for user root by (uid=0) May 4 17:17:01 oste CRON[1851692]: pam_unix(cron:session): session opened for user root by (uid=0) May 6 16:17:01 oste CRON[3225975]: pam_unix(cron:session): session closed for user root May 6 12:17:01 oste CRON[3109160]: pam_unix(cron:session): session closed for user root May 7 20:17:01 oste CRON[4044082]: pam_unix(cron:session): session opened for user root by (uid=0) May 4 19:17:01 oste CRON[1910040]: pam_unix(cron:session): session closed for user root May 6 21:17:01 oste CRON[3371963]: pam_unix(cron:session): session closed for user root May 1 20:17:01 oste CRON[812031]: pam_unix(cron:session): session opened for user root by (uid=0) May 4 15:17:01 oste CRON[1793314]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 19:17:01 oste CRON[782833]: pam_unix(cron:session): session opened for user root by (uid=0) May 7 01:17:01 oste CRON[3488813]: pam_unix(cron:session): session opened for user root by (uid=0) May 2 12:15:45 oste systemd-logind[692]: New seat seat0. 
May 2 22:17:01 oste CRON[344846]: pam_unix(cron:session): session closed for user root May 1 08:17:01 oste CRON[461471]: pam_unix(cron:session): session closed for user root May 3 10:17:01 oste CRON[941183]: pam_unix(cron:session): session closed for user root May 6 00:17:01 oste CRON[2757107]: pam_unix(cron:session): session closed for user root May 3 04:17:01 oste CRON[642709]: pam_unix(cron:session): session closed for user root May 1 03:17:01 oste CRON[314793]: pam_unix(cron:session): session closed for user root May 6 04:17:01 oste CRON[2874186]: pam_unix(cron:session): session closed for user root May 7 23:17:01 oste CRON[4131682]: pam_unix(cron:session): session opened for user root by (uid=0) May 4 07:17:01 oste CRON[1559516]: pam_unix(cron:session): session closed for user root May 4 23:17:01 oste CRON[2026746]: pam_unix(cron:session): session opened for user root by (uid=0) May 1 00:17:01 oste CRON[227288]: pam_unix(cron:session): session opened for user root by (uid=0) May 7 04:17:01 oste CRON[3576410]: pam_unix(cron:session): session opened for user root by (uid=0) May 5 22:17:01 oste CRON[2698609]: pam_unix(cron:session): session closed for user root May 3 06:25:22 oste CRON[749089]: pam_unix(cron:session): session closed for user root May 2 07:17:01 oste CRON[1133607]: pam_unix(cron:session): session opened for user root by (uid=0)
Assuming you've been given the jumbled log file above and asked to sort it by date and time, you can do so as follows:

`sort -k 2n auth.log`

Here `-k 2n` sorts numerically on the second column, which is the date column (the day of the month). Lines that share the same day tie on that key, so `sort` falls back to comparing the whole line, which also puts the time column and the CRON values in order.

![image](https://user-images.githubusercontent.com/58165365/168168248-c062bf14-5a40-4ae2-8025-e839e1d11d4b.png)

Now let's assume we've been told to sort the log file and show all successful login attempts and their timestamps in the correct order.
```
root@oste:/home/ubuntu/sort# sort -k 2n auth.log | grep "Accepted password for"
May 2 11:40:14 oste sshd[1262149]: Accepted password for ubuntu from 192.168.1.22 port 1292 ssh2
May 2 11:40:15 oste sshd[1262191]: Accepted password for ubuntu from 192.168.1.22 port 1293 ssh2
May 2 11:41:08 oste sshd[1263109]: Accepted password for ubuntu from 192.168.1.22 port 1298 ssh2
May 2 18:05:59 oste sshd[136865]: Accepted password for ubuntu from 192.168.1.6 port 1341 ssh2
May 2 18:06:00 oste sshd[136876]: Accepted password for ubuntu from 192.168.1.
```
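The login timeline above works because every line falls in May; once a log spans more than one month, a day-only key puts entries out of order. The script below is an added example, not part of the original post: it compares the page's `sort -k 2n` with a month/day/time key on a constructed sample (host name, PIDs and 192.0.2.x addresses are placeholders).

```shell
#!/bin/sh
# Constructed sample (not from the page): shuffled syslog-style auth lines
# spanning two months; host name, PIDs and addresses are placeholders.
sample_log() {
cat <<'EOF'
May  7 02:17:01 host CRON[4001]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 30 23:59:58 host sshd[2101]: Accepted password for ubuntu from 192.0.2.10 port 50122 ssh2
May  2 11:41:08 host sshd[2307]: Accepted password for ubuntu from 192.0.2.10 port 50140 ssh2
May  2 11:40:14 host sshd[2290]: Failed password for ubuntu from 192.0.2.10 port 50131 ssh2
May  2 09:05:00 host sshd[2250]: Accepted password for ubuntu from 192.0.2.22 port 50101 ssh2
EOF
}

# The page's command: the only key is the day of month, so "Apr 30" sorts
# after every May line. LC_ALL=C only makes the tie-breaking reproducible.
by_day_only() {
    LC_ALL=C sort -k 2n
}

# Month name (-M), then day (numeric), then HH:MM:SS (zero-padded, so a
# plain string comparison is chronological). Syslog lines carry no year,
# so this ordering is only valid within one calendar year.
chronological() {
    LC_ALL=C sort -k1,1M -k2,2n -k3b,3
}

# Successful SSH password logins in time order: timestamp, user, source IP.
accepted_logins() {
    chronological |
        grep -F 'Accepted password for' |
        awk '{ print $1, $2, $3, $9, $11 }'
}

sample_log | accepted_logins
```

When building a login timeline from rotated logs, sort each year's files separately before concatenating them, since the timestamp format cannot distinguish December of one year from December of the next.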