Hi there! Basically what I'd like is to extract date / time / IP address from the log where a user has made a failed attempt.
This is what I have tried... but it's a bit too much info:

grep "authentication failure" /var/log/secure | awk '{print $0"-" $1 "-" $2 "-->" $12 "->" $14 "->" $15}' | cut -b7- | sort | uniq -c > hack.log
Any hints / tips? Thanks in advance,
Paul
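
An added example, not part of the original post: one way to reduce each failed attempt to date, time and source address, assuming traditional syslog timestamps ("Mon DD HH:MM:SS") and pam_unix lines that carry an rhost= field. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the usual /var/log/secure layout (not real log data).
sample_log() {
cat <<'EOF'
Mar  3 10:15:22 web01 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Mar  3 10:15:30 web01 sshd[2101]: Accepted password for paul from 198.51.100.7 port 50022 ssh2
Mar  3 10:16:01 web01 sshd[2107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5
Mar 12 23:59:59 web01 sshd[3300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.23  user=admin
Mar 13 00:01:10 web01 su: pam_unix(su:auth): authentication failure; logname=paul uid=1000 euid=0 tty=pts/0 ruser=paul rhost=  user=root
EOF
}

# Print "Mon DD HH:MM:SS source" for every remote authentication failure.
# The rhost= token is located by name, not by column number, because the
# field position shifts between services and when "user=" is absent.
failed_logins() {
    awk '
    /authentication failure/ {
        ip = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^rhost=./) { ip = substr($i, 7); break }
        if (ip == "") next      # local failure (su, console): no remote host
        printf "%s %2s %s %s\n", $1, $2, $3, ip
    }' "$@"
}

# Count failures per source, highest first.
failed_counts() {
    failed_logins "$@" |
        awk '{ n[$4]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host: failed_logins /var/log/secure
sample_log | failed_logins
sample_log | failed_counts
```

The rhost value may be a hostname rather than an IP address when the logging daemon resolves names.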
