Thursday, October 27, 2005

Oneliner - Programming Languages - Count Failed login attempts in /var/log using AWK

This bash one-liner searches $logfile for lines matching $search, counts the matches per value of the seventh colon-separated field, and reports every value with five or more occurrences:


search="Failed .*"; logfile="/var/log/secure"; grep "$search" "$logfile" | awk -F: '{ print $7 }' | awk '{count[$1]++} END { for( i in count ) { if ( count[i] >= 5 ){print i " Total Failed Attempts: " count[i]} }}'


Server administrators who only need the overall number of failed attempts can use this simpler alternative:



search="Failed .*"; logfile="/var/log/secure"; echo "Failed Login Attempts: $(grep -c "$search" "$logfile")"
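
The first one-liner picks its value by field position, so its result depends on the exact layout of each log line. As an added example (not from the original post), this POSIX shell function finds the source address by its "from <addr> port" context instead, scanning from the right so that a user name containing "from" cannot skew the count. It assumes OpenSSH-style "Failed password for ... from <addr> port <n>" lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count failed SSH password attempts per source address.
# Usage: failed_by_source [THRESHOLD] < logfile   (THRESHOLD defaults to 5)
failed_by_source() {
    awk -v min="${1:-5}" '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is supplied by the client and may itself contain
        # "from", so trust only the right-most "from <addr> port" triple.
        for (i = NF - 1; i > 2; i--) {
            if ($i == "port" && $(i - 2) == "from") {
                addr = $(i - 1)
                sub(/^::ffff:/, "", addr)   # fold IPv4-mapped form into plain IPv4
                count[addr]++
                break
            }
        }
    }
    END {
        for (a in count)
            if (count[a] >= min)
                printf "%s Total Failed Attempts: %d\n", a, count[a]
    }' | sort
}

# Constructed sample lines using documentation address ranges (not a real log).
sample_log() {
    cat <<'EOF'
Oct 27 10:15:01 host sshd[1201]: Failed password for root from ::ffff:192.0.2.10 port 40001 ssh2
Oct 27 10:15:03 host sshd[1201]: Failed password for root from ::ffff:192.0.2.10 port 40001 ssh2
Oct 27 10:15:09 host sshd[1207]: Failed password for invalid user admin from 192.0.2.10 port 40013 ssh2
Oct 27 10:15:12 host sshd[1207]: Failed password for invalid user admin from 192.0.2.10 port 40013 ssh2
Oct 27 10:15:20 host sshd[1215]: Failed password for root from 192.0.2.10 port 40022 ssh2
Oct 27 10:16:02 host sshd[1250]: Failed password for bob from 198.51.100.7 port 51500 ssh2
Oct 27 10:16:05 host sshd[1250]: Failed password for bob from 198.51.100.7 port 51500 ssh2
Oct 27 10:16:40 host sshd[1288]: Accepted password for bob from 198.51.100.7 port 51522 ssh2
Oct 27 10:17:30 host sshd[1310]: Failed password for invalid user from 192.0.2.10 port 1 from 203.0.113.5 port 52110 ssh2
EOF
}

# Report sources with five or more failures in the sample.
sample_log | failed_by_source 5
```

For a real log, redirect the file into the function, for example: failed_by_source 5 < /var/log/secure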
