#1 (permalink)
Registered User
/var/log/messages parser
Here is a little script to parse /var/log/messages. If you run sshd on port 22 you know how many times you get bruteforced by zombies and this should make parsing the logs easier.
The code should be pretty easy to read and understand so I didn't comment anything.
Usage:
Code:
root@blackdragon:/home/tgo/perl# perl log.pl
------- Report for 127.0.0.1 -----------
Total Entries: 1
Accepted Logins: 0
Failed Logins: 1
------- Report for 192.168.1.100 -----------
Total Entries: 6
Accepted Logins: 6
Failed Logins: 0
root@blackdragon:/home/tgo/perl#
Code:
#!/usr/bin/perl
# /var/log/messages parser coded by tgo
# http://www.anomalous-security.org
use strict;
use warnings;

open(my $fh, '<', "/var/log/messages") or die($!);
my %ips;
while (<$fh>)
{
    # Only lines containing an IPv4-looking address are considered
    if ($_ =~ /(\d+\.\d+\.\d+\.\d+)/)
    {
        my $ip = $1;
        my $action;
        if ($_ =~ /Accepted/)
        {
            $action = "accepted";
        }
        elsif ($_ =~ /Failed password/)
        {
            $action = "failed";
        }
        else
        {
            next;
        }
        # Count per address and per outcome
        if (defined($ips{$ip}{$action}))
        {
            $ips{$ip}{$action} = $ips{$ip}{$action} + 1;
        }
        else
        {
            $ips{$ip}{$action} = 1;
        }
    }
}
close($fh);

# One report block per address seen
for my $ip ( keys %ips )
{
    $ips{$ip}{'accepted'} = 0 unless (defined($ips{$ip}{'accepted'}));
    $ips{$ip}{'failed'} = 0 unless (defined($ips{$ip}{'failed'}));
    my $total = $ips{$ip}{'accepted'} + $ips{$ip}{'failed'};
    print "------- Report for $ip -----------\n";
    print "Total Entries: " . $total . "\n";
    print "Accepted Logins: " . $ips{$ip}{'accepted'} . "\n";
    print "Failed Logins: " . $ips{$ip}{'failed'} . "\n";
}
Last edited by tgo; 12-07-2005 at 11:18 PM.
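An added example, not part of tgo's post: a variant of the same tally that anchors on the `from <ip> port <n> ssh2` fields at the end of sshd's password lines (the user name earlier in the line is text supplied by the remote client) and flags an address that logs in after repeated failures. The threshold, the log lines under `__DATA__` and the addresses are constructed for illustration, and only password authentication lines are covered.

```perl
#!/usr/bin/perl
# Added example, not tgo's script. Threshold and sample lines are constructed.
use strict;
use warnings;

my $THRESHOLD = 3;    # assumed cut-off: failures before an address is flagged

# Anchor on what sshd writes after the user name. The user name is text
# supplied by the remote client, so it must not decide the result or address.
my $LINE = qr/sshd\[\d+\]: (Accepted|Failed) password for (?:invalid user )?.* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$/;

sub tally {
    my ($fh) = @_;
    my %ips;
    while (my $line = <$fh>) {
        next unless $line =~ $LINE;
        my ($result, $ip) = ($1, $2);
        my $s = $ips{$ip} //= { accepted => 0, failed => 0, after_fail => 0 };
        if ($result eq 'Failed') {
            $s->{failed}++;
        } else {
            $s->{accepted}++;
            # A success that follows many failures may be a guessed password.
            $s->{after_fail}++ if $s->{failed} >= $THRESHOLD;
        }
    }
    return \%ips;
}

sub verdict {
    my ($s) = @_;
    return 'REVIEW: login after repeated failures' if $s->{after_fail};
    return 'repeated failures'                     if $s->{failed} >= $THRESHOLD;
    return 'ok';
}

my $stats = tally(\*DATA);
for my $ip (sort { $stats->{$b}{failed} <=> $stats->{$a}{failed} or $a cmp $b } keys %$stats) {
    my $s = $stats->{$ip};
    printf "%-15s failed=%d accepted=%d  %s\n", $ip, $s->{failed}, $s->{accepted}, verdict($s);
}
__DATA__
Dec  7 22:01:10 blackdragon sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec  7 22:01:13 blackdragon sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Dec  7 22:01:16 blackdragon sshd[4105]: Failed password for invalid user 10.0.0.5 from 203.0.113.7 port 40125 ssh2
Dec  7 22:05:40 blackdragon sshd[4120]: Accepted password for tgo from 192.168.1.100 port 51234 ssh2
Dec  7 22:09:01 blackdragon sshd[4131]: Failed password for tgo from 198.51.100.9 port 33010 ssh2
Dec  7 22:09:04 blackdragon sshd[4133]: Failed password for tgo from 198.51.100.9 port 33018 ssh2
Dec  7 22:09:07 blackdragon sshd[4135]: Failed password for tgo from 198.51.100.9 port 33025 ssh2
Dec  7 22:09:11 blackdragon sshd[4137]: Accepted password for tgo from 198.51.100.9 port 33040 ssh2
```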
#2 (permalink)
Be Free
They make, at least for Debian, an auto-script that will do that for you, it's called log rotate... check it out... it's really good software...