Parsing Secure logs


This is for my own reference: parsing the secure log and checking on IPs that were trying to break into our server.

cat /home/soj/log_imp/secure.1 | awk '$6 ~ /Failed/ {print $6,$1,$2,$3,$9$10,$11,$14$16,$13}' | sed -e 's/user//' | sed -e 's/invalid//' | sed -e 's/port//' | sed -ne 's/ssh2/Trying to Break-in via Shell access/p'
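
An added example, not part of the original note: the one-liner above reads fixed columns, which line up for "Failed password for invalid user <name>" entries; this variant reads the IP relative to the end of the line so entries for existing accounts parse too, and it counts attempts per source IP. The function names and sample log lines are constructed for illustration and assume the standard syslog prefix (month, day, time, host, sshd[pid]:) used by OpenSSH.

```shell
#!/bin/sh
# Count failed SSH password attempts per source IP.
# Fields are read relative to the end of the line ("from <ip> port <n> ssh2"),
# so "for <user>" and "for invalid user <user>" lines both parse correctly.
failed_ssh_by_ip() {
    awk '
    $6 == "Failed" && $7 == "password" && $(NF-4) == "from" && $(NF-2) == "port" {
        ip = $(NF-3)
        # The user name starts after "for" or after "for invalid user".
        start = ($9 == "invalid" && $10 == "user") ? 11 : 9
        # User names are attacker-supplied and may contain spaces: take
        # everything up to the trailing "from" instead of a single field.
        user = ""
        for (i = start; i <= NF-5; i++) user = user (i > start ? " " : "") $i
        count[ip]++
        last[ip] = $1 " " $2 " " $3
        # Record each distinct user name once per IP.
        if (!seen[ip SUBSEP user]++)
            users[ip] = users[ip] (users[ip] == "" ? "" : ",") user
    }
    END {
        # Output: <attempts> <ip> <time of last attempt> [<user names tried>]
        for (ip in count)
            printf "%d %s %s [%s]\n", count[ip], ip, last[ip], users[ip]
    }' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation IP ranges, hypothetical host name).
sample_secure_log() {
    cat <<'EOF'
Jan 10 03:14:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:14:09 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 10 03:14:12 web1 sshd[2213]: Failed password for invalid user test from 203.0.113.5 port 51302 ssh2
Jan 10 03:15:01 web1 sshd[2220]: Accepted password for soj from 192.0.2.10 port 40022 ssh2
Jan 10 03:16:44 web1 sshd[2231]: Failed password for root from 198.51.100.23 port 60001 ssh2
EOF
}

# Demo on the sample; for a real file: failed_ssh_by_ip /home/soj/log_imp/secure.1
sample_secure_log | failed_ssh_by_ip
```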