Ridicously simple auth.log file parser.

It does no attempt at anything fancy, just greps for 3 particular strings

  • "illegal user"
  • "breakin attemp"
  • "authentication failure"

Would be nice to have something more "sophisticated"

In my very humble opinion it should be

... | grep "`date '+%b %e'`" |wc -l

on line 37, 40 and 42 as syslog uses blank-padded day of month.

My system install was on other language than en_GB, so i needed to add a line to make it work:

export LANG=en_GB

Another way is to unset this variable in the beginning of the script with:

unset LANG
Last modified at 2006-07-30T10:37:49+02:00 Last modified on 2006-07-30T10:37:49+02:00

Attachments (2)

Download all attachments as: .zip