On Fri, 2005-02-11 at 03:16 +0000, Michael Thompson wrote:
R'twick Niceorgaw wrote:
Can you post a line from your log so I can see what it looks like? That code works fine on syslog-ng and the latest SSHD. Make sure that you change your IP address in what you post.
Feb 9 10:35:36 konark sshd[4577]: Failed password for illegal user user from ::ffff:xxx.xxx.xxx.xxx port 38107 ssh2
Feb 9 10:35:35 konark sshd[4571]: Failed password for root from ::ffff:xxx.xxx.xxx.xxx port 38055 ssh2
Thanks again for the help.
PS: I just looked at bad-ips and I have 7561 entries there just from
today's log.
R'twick
Try running this on your log by hand and see what you get back. If it works OK, just modify it to fit into the script.
grep "Failed password for illegal user" /var/log/messages | sed -e 's/.*user [^\ ]\+ from //' -e 's/ port.*//' | sort | uniq
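
Added example, not part of the original thread: on the log lines posted above, the one-liner only matches the "illegal user" entries and leaves the ::ffff: prefix on the address. The sketch below counts every "Failed password" line per source address and reads the address from the fixed tail of the line, because the user name is text supplied by the remote side. The function names and the sample log lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Feb 9 10:35:35 konark sshd[4571]: Failed password for root from ::ffff:192.0.2.10 port 38055 ssh2
Feb 9 10:35:36 konark sshd[4577]: Failed password for illegal user user from ::ffff:192.0.2.10 port 38107 ssh2
Feb 9 10:36:01 konark sshd[4580]: Failed password for invalid user admin from 203.0.113.7 port 40211 ssh2
Feb 9 10:36:02 konark sshd[4583]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Feb 9 10:36:09 konark sshd[4590]: Failed password for illegal user x from 198.51.100.99 port 1 ssh2 from ::ffff:203.0.113.7 port 40290 ssh2
EOF
}

# Read syslog lines on stdin, print "<count> <address>" per source address.
failed_ssh_ips() {
  awk '
    # Match valid users, "illegal user" and the newer "invalid user" wording.
    /sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
    $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
      # sshd writes "from <addr> port <n> ssh2" last, so take the address
      # by position from the end, not from the first " from " in the line.
      addr = $(NF-3)
      # Drop the IPv4-mapped IPv6 prefix so one host is counted once.
      sub(/^::ffff:/, "", addr)
      count[addr]++
    }
    END { for (a in count) print count[a], a }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
sample_log | failed_ssh_ips
```

To use it on a real log, feed the file on stdin, for example failed_ssh_ips < /var/log/messages.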
