Parsing Secure logs

This is for my own reference; parsing security log and checking on IP’s that were trying to break-in our server.

cat /home/soj/log_imp/secure.1 | awk '$6 ~ /Failed/ {print $6,$1,$2,$3,$9$10,$11,$14$16,$13}' | sed -e 's/user//' | sed -e 's/invalid//' | sed -e 's/port//' | sed -ne 's/ssh2/Trying to Break-in via Shell access/p'
Advertisements