I am running a command on watch to monitor logins on the mail server (recent compromise).
It works fine, but ideally I wanted to colour code a specific IP address so I can easily see any IP addresses connecting that are not an internal IP address.
The command I am running:
grep -Hrn "Login:" /var/log/maillog | cut -d ' ' -f 8,10 | sort -u
With watch:
watch "grep -Hrn 'Login:' /var/log/maillog | cut -d ' ' -f 8,10 | sort -u"
How can I highlight a specific IP address with a specific colour? For example,
the output is like this:
user=<[email protected]>, rip=123.123.123.123,
user=<[email protected]>, rip=321.321.321.321,
user=<[email protected]>, rip=123.123.123.123,
user=<[email protected]>, rip=111.111.111.111,
user=<[email protected]>, rip=123.123.123.123,
user=<[email protected]>, rip=123.123.123.123,
user=<[email protected]>, rip=198.1987.198.198,
user=<[email protected]>, rip=81.81.81.81,
Let's say the internal IP address is 123.123.123.123. How can I get the output to auto colour code that IP address?
People work off site and also have emails on their mobiles, so I would expect to see a few different IP addresses from the same email address, but if we have a full house, generally everyone connects on Wifi and devices on the same network. I just wanted it for easy viewing.
UPDATE
Based on a few answers below, it was the -c needed in Watch and the grep -z to highlight results but not alter the output.
watch -c "grep -Hrn --color=always 'Login:' /var/log/maillog | grep --color=always -z '123.123.123.123' | cut -d ' ' -f 8,10 | sort -u"
CodePudding user response:
Add option -c (interpret ANSI color and style sequences) to your watch command and --color=always to your GNU grep command.
CodePudding user response:
Try using grep with --color='always' and match it with your IP address or a regex.
CodePudding user response:
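a=$(somecommand)   # capture the command's output
red="\e[31m"       # or other color codes
reset="\e[0m"      # switch back to the default color afterwards
echo -e "${red}${a}${reset}"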
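Added example (not from the question or any of the answers): the two ingredients from the answers, ANSI colour codes and `watch -c`, applied to the goal in the question, so that every `rip=` address that is not internal stands out. The function name `highlight_logins`, the sample users and the colours are assumptions; it also accepts more than one internal address, which goes beyond the single IP in the question.

```shell
#!/bin/sh
# Added example. highlight_logins is a hypothetical helper name.
# Reads "user=<...>, rip=<ip>," lines on stdin and colours each rip= value:
# green when it is one of the internal addresses given as arguments, bold red otherwise.
highlight_logins() {
    # Default to the internal address used in the question's sample.
    [ "$#" -gt 0 ] || set -- 123.123.123.123
    awk -v list="$*" '
    BEGIN {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) internal[a[i]] = 1
        esc = sprintf("%c", 27)
        red = esc "[1;31m"; green = esc "[32m"; reset = esc "[0m"
    }
    {
        # The address runs from "rip=" to the next comma or space.
        if (match($0, /rip=[^, ]+/)) {
            ip = substr($0, RSTART + 4, RLENGTH - 4)
            # Exact string lookup, so "." is never treated as a regex wildcard.
            colour = (ip in internal) ? green : red
            $0 = substr($0, 1, RSTART + 3) colour ip reset substr($0, RSTART + RLENGTH)
        }
        print
    }'
}

# Constructed sample input in the shape shown in the question.
sample_logins() {
    cat <<'EOF'
user=<alice@example.com>, rip=123.123.123.123,
user=<bob@example.com>, rip=81.81.81.81,
user=<alice@example.com>, rip=111.111.111.111,
EOF
}

sample_logins | highlight_logins 123.123.123.123
```

Colour the lines last, after `sort -u`, so the escape sequences do not affect `cut` or the de-duplication, and run the whole pipeline under `watch -c` so the sequences are interpreted.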