This script counts the IPS attack IDs, listed by their 5-digit AttackID. The script will be run for the previous day's log. As you can see, "1 days ago" in the script is the previous day. I created the filename FNAME. Eventually I will add it to cron.daily to run at 1am the next morning. This puts the uniqueID, Year, Month, Day, AttackID, and Total on a line in the file. I created the unique ID from the YYMMDD + "AttackID". I added an array of AttackIDs to shorten the code dramatically and also make it easier to add new AttackIDs to the process.

# Every date field describes the previous day, the day whose log is counted.
CURRENTDATE=$(date --date="1 days ago" +%Y-%m-%d)
CURRENTDATESHORT=$(date --date="1 days ago" +%y-%d-%m)
# The four-digit year is taken from the previous day too, so a run on 1 January reports the right year.
FourYear=$(date --date="1 days ago" +%Y)
TwoYear=$(date --date="1 days ago" +%y)
Month=$(date --date="1 days ago" +%m)
Day=$(date --date="1 days ago" +%d)
echo "${TwoYear}"
echo "${Month}"
echo "${Day}"
echo "${TwoYear}${Month}${Day}"

# FNAME (the output file name) is not defined in this listing; stop here if it is unset.
: "${FNAME:?FNAME must be set to the output file name}"

attackid=(13831 15235 15463 17570 26339 30024 30425 31752 37268 38503 38829 38856 40149 40477 40582 41512 41851 43737 43745 43747 43844 44308 44580 44738 44778 45356 45752 46520 47174)

for item in "${attackid[@]}"
do
    # uniqueID (YYMMDD + AttackID), Year, Month, Day and AttackID, tab-separated
    printf '%s\t%s\t%s\t%s\t%s\t' "${TwoYear}${Month}${Day}${item}" "$FourYear" "$Month" "$Day" "$item" >> "/home/michael/logs/${FNAME}"
    # Total: whole-word occurrences of the AttackID in the previous day's log
    sudo grep -o -w -- "$item" "/var/log/firewalls/${CURRENTDATE}.log" | wc -w >> "/home/michael/logs/${FNAME}"
done

# Set ownership and mode once, after all rows are written.
sudo chown michael:michael "/home/michael/logs/${FNAME}"
# 755 is kept from the original; the file holds data, so the execute bits are not needed.
sudo chmod 755 "/home/michael/logs/${FNAME}"
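
The `grep -o -w` count matches the five-digit number anywhere in a line, so a source port or byte count that happens to equal an AttackID is counted as an attack. As an added example (not part of the original script), the sketch below counts every listed ID in one pass over the log and only where it appears in the attack-ID field; the `attackid=` key, the sample log lines and the function names are assumptions made for illustration, and the output is reduced to uniqueID, AttackID and Total.

```shell
#!/bin/sh
# Constructed sample log lines. The key=value layout and the attackid= field
# name are assumptions; adjust them to the real firewall log format.
sample_log() {
cat <<'EOF'
2024-03-09 01:00:02 fw1 type=ips attackid=40149 srcport=51234 dstport=443 action=dropped
2024-03-09 01:00:07 fw1 type=traffic srcport=40149 dstport=80 action=accept
2024-03-09 01:02:11 fw1 type=ips attackid=13831 srcport=40149 dstport=25 action=dropped
2024-03-09 01:05:40 fw1 type=ips attackid=40149 srcport=60001 dstport=443 action=dropped
EOF
}

# Loose count, as in the script above: any whole-word occurrence of the number.
# $1 = AttackID, log on stdin.
count_loose() {
    grep -o -w -- "$1" | wc -w | tr -d ' '
}

# Field-anchored count for all listed IDs in a single pass.
# $1 = space-separated AttackIDs, $2 = YYMMDD prefix for the uniqueID, log on stdin.
# Prints: uniqueID <tab> AttackID <tab> Total, in the order the IDs were given.
count_by_field() {
    awk -v ids="$1" -v ymd="$2" '
        BEGIN {
            n = split(ids, want, " ")
            for (i = 1; i <= n; i++) total[want[i]] = 0
        }
        {
            for (f = 1; f <= NF; f++)
                if (index($f, "attackid=") == 1) {   # field must start with the key
                    id = substr($f, 10)              # text after "attackid="
                    if (id in total) total[id]++
                }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s%s\t%s\t%d\n", ymd, want[i], want[i], total[want[i]]
        }
    '
}

# Demo on the constructed lines: the loose count for 40149 includes two port matches.
echo "loose count for 40149: $(sample_log | count_loose 40149)"
sample_log | count_by_field "13831 40149 47174" 240309
```

Listed IDs that never occur still get a row with a total of 0, which keeps the daily files the same shape for later import.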