SSH LOG (what, you thought I can't do professional titles?)

(Again, this is not a retired challenge so I cannot post a lot of details. Just that there is an ssh log that I have to analyse and answer a bunch of questions. It's my first HARD challenge on blueteamlabs so I'm excited!!)

it's an ssh log file and it says to use any text editor. I'm an amateur so I'm only using the regular grep, tail, sort, awk etc but I think I'd like to get a bigger idea first of what as a whole is happening, before doing grep searches for the particular questions. so I thought I'd use wireshark to open the log file, I know it doesn't, but it doesn't hurt to try.

nope. didn't work. 

so I found a medium entry that used something called the elk stack to view the ssh session log. it stands for elasticsearch, logstash and kibana. I did find it and it's open source and free (cloud deployment is a premium service). THANK YOU FOR BEING THE BACKBONE OF RESEARCH, OPEN SOURCE DEVELOPERS!!

after a day full of wrestling I gave up on it. sometimes some things should be easy to configure and run. 

now to look for other free log visualisers that I don't have to fight into submission. 

while I do that, I grep. grep ftw. grep the love of my life. found successful login account.

answered q2 AND q3. how I decided to finally do it is google what a successful answer to the question looks like and grep that exact word/phrase. is it cheating? feels like it. well.

q1 posed a tiny problem. but that info is classified and only for the deepest darkest corner of my heart to know (or until the challenge is retired I guess lol) (also Grammarly says my tone is appreciative and friendly but I feel the exact opposite. TAKE THAT you stone cold nlp bots)

solved q1 by my sheer brilliance. that leaves q5 and q6. q4 also solved by grep.

for 5 I will have to read up on what the question even means. 

did that, got it, the answer is right.

and 6 I think I can guess. yup, it's right.

ok dunzo. just for fun I tried to use awk on this one because I wanted to sort unique results, but the timestamps caused them all to turn unique, so I asked for $6. it didn't help at all because I had already guessed the answer, but I tried something new and made my laptop burn just a little bit more, which made me very happy.
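The awk/sort/uniq idea above, written out as an added example that is not from the post or the challenge. The log lines are constructed in the standard sshd syslog layout (timestamp, host, process, message), and the field numbers assume that layout; in that layout $6 is the first word of the message, which is why asking for it groups lines into "Accepted" vs "Failed".

```shell
#!/bin/sh
# Constructed sample sshd lines (not from the challenge), syslog layout:
# $1-$3 timestamp, $4 host, $5 process[pid]:, $6 onward the message.
SAMPLE_LOG="$(cat <<'EOF'
Mar  4 10:01:12 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Mar  4 10:01:15 host sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51023 ssh2
Mar  4 10:02:40 host sshd[1210]: Accepted password for alice from 198.51.100.7 port 40122 ssh2
Mar  4 10:03:01 host sshd[1215]: Failed password for root from 192.0.2.10 port 51030 ssh2
Mar  4 10:05:44 host sshd[1222]: Accepted publickey for bob from 198.51.100.8 port 40130 ssh2
EOF
)"

# What "asking for $6" gives you: one count per message type.
by_first_word() {
  awk '{ print $6 }' | sort | uniq -c
}

# Drop timestamp, host, pid and the per-connection port so that
# repeated events collapse instead of every line staying unique.
unique_events() {
  awk '{ $1=$2=$3=$4=$5=""; sub(/^ +/, ""); sub(/ port [0-9]+/, ""); print }' |
    sort | uniq -c | sort -rn
}

# Successful logins: which account, from which address.
accepted_logins() {
  awk '/sshd\[[0-9]+\]: Accepted/ { print $9, "from", $11 }' | sort | uniq -c
}

# Failed attempts per source address; "invalid user" shifts the fields,
# so locate the address by the word "from" rather than by position.
failed_by_source() {
  awk '/sshd\[[0-9]+\]: Failed password/ {
         for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' |
    sort | uniq -c | sort -rn
}

# Usage: printf '%s\n' "$SAMPLE_LOG" | unique_events   (or: cat auth.log | failed_by_source)
```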

ok I'm done, here's the certificate, which you will notice I didn't post for other entries because they're all retired so I can write them out fully with reckless abandon, but this one I can't, and I need to prove to all of my zero readers that I did do this.

ok bye goodnight

ps : gonna try opening elk stack again rn and I bet you 50 mil dollars it will magically start working I just know it in my bones
