On Thu, 2010-04-15 at 12:08 +1200, Paul Swafford wrote:
> Hi there!
>
> Basically what I'd like is to extract date / time / IP address from the
> log where a user has made a failed attempt.
>
> This is what I have tried... but it's a bit too much info ..
>
> grep "authentication failure" /var/log/secure | awk '{print $0"-" $1 "-"
> $2 "-->" $12 "->" $14 "->" $15}' | cut -b7- | sort | uniq -c > hack.log
>
>
> Any hints / tips ?
>
> .. thanks in advance
>
> Paul
Which logs? I don't use secure, but it would be best to look for
specific (e.g. ssh, http) hacks.

Cheers,

Steve

--
Steve Holdoway <[email protected]>
http://www.greengecko.co.nz
MSN: [email protected]
Skype: sholdowa
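
Added example, not part of either message above: one way to reduce each "authentication failure" line to date, time, service and remote host, with an optional per-service filter and a per-host count. The function names and the sample lines are constructed for illustration, and the pam_unix line layout is assumed to be the one shown in the sample.

```shell
#!/bin/sh
# Added example. Sample lines are constructed (documentation addresses only).
sample_log() {
cat <<'EOF'
Apr 15 11:58:01 web1 sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root
Apr 15 11:58:07 web1 sshd[2103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5
Apr 15 11:59:12 web1 sshd[2110]: Accepted password for paul from 192.0.2.10 port 50022 ssh2
Apr 15 12:01:44 web1 vsftpd[2200]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=bob rhost=198.51.100.23
Apr 15 12:03:30 web1 login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=paul
EOF
}

# failed_auth [service]: print "month day time service rhost" per failure.
# rhost= and the pam_unix(...) tag are located by key, not by column number,
# so a line with extra or missing fields before rhost= still parses.
failed_auth() {
    awk -v svc="${1:-}" '
    /authentication failure/ {
        service = ""; rhost = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^pam_unix[(]/) {
                service = $i
                sub(/^pam_unix[(]/, "", service); sub(/:.*/, "", service)
            }
            if ($i ~ /^rhost=/) rhost = substr($i, 7)
        }
        if (rhost == "") rhost = "-"    # local failure, no remote host
        if (svc == "" || svc == service) print $1, $2, $3, service, rhost
    }'
}

# per_host: count failures per remote host, busiest first.
per_host() {
    awk '{ n[$5]++ } END { for (h in n) print n[h], h }' | sort -rn
}

sample_log | failed_auth
sample_log | failed_auth sshd | per_host
```

Against a real log, feed the file in place of the sample, for example `failed_auth sshd < /var/log/secure | per_host`.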
