May 22, 2010

check auth.log

Sometimes I'm paranoid and I want to check who is trying to log in to my server...
but auth.log is a very large and blinding file... so:

grep -oE "\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b" /var/log/auth.log | sort -u


obviously a script is a smarter solution ;D

links: authCheck
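
A script along those lines, as an added example (it is not the authCheck script linked above and not the author's code): it counts failed sshd password attempts per source IPv4 address. The login name in these lines is supplied by the client and can itself contain text such as "from 10.0.0.1 port 1 ssh2", so the address is read by position from the end of the line; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IPv4 address.
# Usage: failed_by_ip /var/log/auth.log      (or pipe log lines on stdin)

# Constructed sample lines (documentation address ranges, not real log data).
sample_auth_log() {
    cat <<'EOF'
May 22 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 4242 ssh2
May 22 10:00:03 host sshd[1001]: Failed password for root from 203.0.113.7 port 4242 ssh2
May 22 10:00:09 host sshd[1002]: Failed password for invalid user admin1 from 198.51.100.23 port 5151 ssh2
May 22 10:00:12 host sshd[1003]: Failed password for invalid user x from 10.0.0.1 port 1 ssh2 from 203.0.113.7 port 4243 ssh2
May 22 10:01:00 host sshd[1004]: Accepted password for alice from 192.0.2.10 port 6000 ssh2
May 22 10:01:05 host CRON[1005]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

failed_by_ip() {
    awk '
    # Expected shape: ... sshd[PID]: Failed password for [invalid user] NAME from ADDR port N ssh2
    /sshd\[[0-9]+\]: Failed password for / {
        # NAME is client-chosen and may contain spaces, digits or a fake "from ADDR",
        # so take the address from the fixed trailer at the END of the line.
        if ($(NF-4) == "from" && $(NF-2) == "port" &&
            $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            hits[$(NF-3)]++
    }
    # One "COUNT ADDR" line per source address.
    END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2    # busiest sources first
}

# Demo on the constructed sample.
sample_auth_log | failed_by_ip
```
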
