Posted By

_reydin_ on 07/04/12


Tagged

Bash parser Authlog




Linux auth.log parser


 / Published in: Bash
 

This script parses auth.log and prints the accepted or the failed logins, depending on the argument entered. To run the script, enter one of the following: ./auth success or ./auth fail

    #!/bin/bash
    # Usage: ./auth.sh [success | fail]

    auth=/var/log/auth.log

    if [ "$1" != "" ]; then # check that there is an argument

        if [ "$1" = success ]; then # report accepted logins

            # Read every matching line once and take all fields from that same
            # line, so entries sharing a PID or timestamp are not merged.
            # Line layout: month day time host process[pid]: message
            grep 'Accepted' "$auth" | while read -r month day atime _ _ msg
            do
                user=${msg#* for }   # drop "Accepted <method> for "
                user=${user% from *} # drop " from <ip> port <port> ssh2"

                echo "Status: [success] Account name: $user Date:$month,$day,$atime"
            done

        elif [ "$1" = fail ]; then # report failed password logins

            grep 'Failed' "$auth" | grep 'password' | while read -r month day atime _ _ msg
            do
                user=${msg#* for }         # drop "Failed password for "
                user=${user#invalid user } # unknown accounts carry this prefix
                user=${user% from *}       # drop " from <ip> port <port> ssh2"

                echo "Status: [fail] Account name: $user Date: $month, $day, $atime"
            done

        else # the argument is neither success nor fail
            echo "Example: ./auth.sh [success | fail]"
            exit 1
        fi

    else
        echo "Example: ./auth.sh [success | fail]" # no argument entered, show example
        exit 1
    fi
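
As an added example (not part of the original snippet), the failed-login report can be taken one step further than the script above by counting failed password attempts per source address in a single pass over lines read from stdin. The function names and the sample log lines are constructed for illustration; the address is read from the right-hand end of each line because the account name is client-supplied and may contain spaces.

```bash
#!/bin/bash
# Added example, not the original snippet. Log lines below are constructed.
sample_log() {
cat <<'EOF'
Jul  4 10:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jul  4 10:15:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jul  4 10:15:09 web1 sshd[2107]: Failed password for invalid user db admin from 203.0.113.7 port 50130 ssh2
Jul  4 10:16:40 web1 sshd[2110]: Accepted password for alice from 198.51.100.20 port 41022 ssh2
Jul 14 08:02:11 web1 sshd[3300]: Failed password for bob from 198.51.100.20 port 41100 ssh2
Jul 14 08:02:30 web1 sshd[3301]: Accepted publickey for bob from 198.51.100.20 port 41101 ssh2
EOF
}

# Read auth.log lines on stdin; print "COUNT IP USERS" for every source
# address with at least $1 failed password attempts (default 1).
failed_by_source() {
    awk -v min="${1:-1}" '
    / sshd\[[0-9]+\]: Failed password for / {
        # The line ends "... from IP port N ssh2". Take those fields from
        # the right: the account name is client-supplied and may hold spaces.
        if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        tail = " from " ip " port " $(NF-1) " " $NF
        user = substr($0, index($0, "Failed password for ") + 20)
        user = substr(user, 1, length(user) - length(tail))
        sub(/^invalid user /, "", user)   # unknown accounts carry this prefix
        fails[ip]++
        if (!((ip, user) in seen)) {      # list each account once per source
            seen[ip, user] = 1
            users[ip] = users[ip] (n[ip]++ ? "," : "") user
        }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min) print fails[ip], ip, users[ip]
    }' | sort -k1,1nr -k2,2
}

sample_log | failed_by_source 3   # demo run on the constructed lines
```

On a live system the input would be the log itself, for example `failed_by_source 5 < /var/log/auth.log`.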
