I need to analyse some syslogs and I want to print out all the lines containing SSH connections to the inside interface of the firewall and ignore lines where the originating port is 22. So basically I want to print all matches after "to inside:" that contain /22 and ignore lines where /22 occurs before "to inside:".
Before:
Teardown TCP connection 1595221765 for outside:10.35.22.20/22 to inside:10.33.249.82/1373 duration 0:25:10 bytes 119889 TCP FINs
Teardown TCP connection 1596165459 for outside:10.94.27.204/22 to inside:10.35.249.82/1558 duration 0:25:09 bytes 316401 TCP FINs
Teardown TCP connection 1597641639 for outside:123.32.168.219/10365 to inside:10.88.38.232/22 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 1598227499 for outside:10.40.223.47/22 to inside:10.77.68.82/1804 duration 1:08:48 bytes 42429 TCP FINs
Teardown TCP connection 1597660611 for outside:10.93.226.150/22 to inside:10.43.249.82/1761 duration 1:31:26 bytes 25733 TCP FINs
Teardown TCP connection 1605038930 for outside:103.33.241.216/12995 to inside:10.5.36.232/22 duration 0:00:30 bytes 0 SYN Timeout
After:
Teardown TCP connection 1597641639 for outside:123.32.168.219/10365 to inside:10.88.38.232/22 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 1605038930 for outside:103.33.241.216/12995 to inside:10.5.36.232/22 duration 0:00:30 bytes 0 SYN Timeout
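
The filter described above, as an added example that is not part of the original post: it parses the endpoint after "to inside:" and compares the port exactly, so a source port of 22, a `.22.` octet, or a port such as 2222 cannot match. The function names `sample_log`, `inside_ssh` and `inside_ssh_sources` are hypothetical, the last sample line is constructed, and the field layout is assumed to be the one in the lines shown.

```shell
#!/bin/sh
# Constructed sample: the six lines from the question plus one extra line
# (inside port 2222, connection id made up) showing why a bare "/22" is too loose.
sample_log() {
cat <<'EOF'
Teardown TCP connection 1595221765 for outside:10.35.22.20/22 to inside:10.33.249.82/1373 duration 0:25:10 bytes 119889 TCP FINs
Teardown TCP connection 1596165459 for outside:10.94.27.204/22 to inside:10.35.249.82/1558 duration 0:25:09 bytes 316401 TCP FINs
Teardown TCP connection 1597641639 for outside:123.32.168.219/10365 to inside:10.88.38.232/22 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 1598227499 for outside:10.40.223.47/22 to inside:10.77.68.82/1804 duration 1:08:48 bytes 42429 TCP FINs
Teardown TCP connection 1597660611 for outside:10.93.226.150/22 to inside:10.43.249.82/1761 duration 1:31:26 bytes 25733 TCP FINs
Teardown TCP connection 1605038930 for outside:103.33.241.216/12995 to inside:10.5.36.232/22 duration 0:00:30 bytes 0 SYN Timeout
Teardown TCP connection 1600000001 for outside:10.35.22.20/22 to inside:10.33.249.82/2222 duration 0:00:05 bytes 0 TCP FINs
EOF
}

# inside_ssh (hypothetical name): print lines whose inside-side port is exactly 22.
# Assumes the endpoint follows the word "to" as inside:ADDR/PORT, as in the sample.
inside_ssh() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i == "to" && $(i + 1) ~ /^inside:/) {
                n = split($(i + 1), ep, "/")
                if (n == 2 && ep[2] == "22") { print }
                break
            }
        }
    }' "$@"
}

# inside_ssh_sources (hypothetical name): count matching lines per outside address.
inside_ssh_sources() {
    inside_ssh "$@" | awk '
    {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^outside:/) { split(substr($i, 9), a, "/"); c[a[1]]++ }
    }
    END { for (ip in c) print c[ip], ip }' | sort -k2
}

sample_log | inside_ssh
```

Both functions read standard input or take log file names as arguments.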