Logsurfer inspects the log entries and reports those that match POSIX regular expressions:
#showsyslog -f auth -p info -s 2006-07-27 | logsurfer -s -c /usr/local/etc/logsurfer/ssh_attack
2006-07-27 09:02:34 ssh NO USER s3parsonS@rs2.uwaterloo.ca from 129.97.200.237
2006-07-27 09:02:47 ssh NO USER s3parsonS@rs2.uwaterloo.ca from 129.97.200.237
2006-07-27 19:55:08 ssh NO USER test@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:09 ssh NO USER test@ist.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:11 ssh NO USER guest@ist.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:11 ssh NO USER guest@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:15 ssh NO USER admin@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:13 ssh NO USER admin@ist.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:16 ssh NO USER admin@ist.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:18 ssh NO USER user@ist.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:18 ssh NO USER admin@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:22 ssh NO USER user@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:55:35 ssh NO USER test@admhome.uwaterloo.ca from 202.147.57.18
2006-07-27 19:56:14 ssh NO USER test@rs2.uwaterloo.ca from 202.147.57.18
2006-07-27 19:56:17 ssh NO USER guest@rs2.uwaterloo.ca from 202.147.57.18
2006-07-27 19:56:19 ssh NO USER admin@rs2.uwaterloo.ca from 202.147.57.18
2006-07-27 19:56:22 ssh NO USER user@rs2.uwaterloo.ca from 202.147.57.18
2006-07-27 19:56:31 ssh NO USER test@rs2.uwaterloo.ca from 202.147.57.18
2006-07-27 22:37:16 ssh NO USER dthomas@ist.uwaterloo.ca from 129.97.128.31
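As an added example (not part of the original page and not logsurfer's own code), the same kind of match carried out in Python over constructed log lines in the showsyslog format shown above: NO USER failures are grouped by source address, and a source is flagged only when it probes several distinct account names within a short window, so a single mistyped login is not reported. The hostnames, addresses and thresholds are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Shape of the "ssh NO USER <user>@<host> from <ip>" lines showsyslog prints.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ssh NO USER "
    r"(?P<user>[^@\s]+)@(?P<host>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")

# Constructed sample in the same format (hosts and addresses are made up).
SAMPLE = """\
2006-07-27 09:02:34 ssh NO USER jdoe@rs2.example.org from 192.0.2.10
2006-07-27 09:02:47 ssh NO USER jdoe@rs2.example.org from 192.0.2.10
2006-07-27 19:55:08 ssh NO USER test@admhome.example.org from 198.51.100.7
2006-07-27 19:55:15 ssh NO USER admin@admhome.example.org from 198.51.100.7
2006-07-27 19:55:11 ssh NO USER guest@ist.example.org from 198.51.100.7
2006-07-27 19:55:18 ssh NO USER user@ist.example.org from 198.51.100.7
2006-07-27 19:56:14 ssh NO USER test@rs2.example.org from 198.51.100.7
2006-07-27 19:56:22 ssh NO USER user@rs2.example.org from 198.51.100.7
Jul 27 19:56:30 rs2 sshd[4242]: some unrelated syslog line
""".splitlines()

def parse(lines):
    """Yield (timestamp, user, host, ip) for matching lines; ignore the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["user"], m["host"], m["ip"])

def flag_sources(lines, min_attempts=5, min_users=3, window=timedelta(minutes=5)):
    """Return {ip: summary} for sources with at least min_attempts NO USER events
    covering min_users distinct names inside one window (thresholds are made up)."""
    by_ip = defaultdict(list)
    for ts, user, host, ip in parse(lines):
        by_ip[ip].append((ts, user, host))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # log order is not guaranteed to be chronological
        left = 0
        for right in range(len(events)):
            while events[right][0] - events[left][0] > window:
                left += 1  # slide the window's left edge forward
            span = events[left:right + 1]
            if len(span) >= min_attempts and len({u for _, u, _ in span}) >= min_users:
                flagged[ip] = {"attempts": len(events),
                               "users": sorted({u for _, u, _ in events}),
                               "hosts": sorted({h for _, _, h in events})}
                break
    return flagged
```

Calling `flag_sources(SAMPLE)` reports only 198.51.100.7, which tried four account names across three hosts in just over a minute, while the two jdoe failures from 192.0.2.10 stay below the threshold.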
Topic revision: r1 - 31 Jul 2006 - 17:43:43 - RonHosler