Advanced Search

Linux auth.log parser

/ Published in: Bash
Save to your folder(s)
This script will parse the auth.log and return results depending on the argument entered. To run the script enter one of the following.
./auth success or ./auth fail

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. #!/bin/bash
  2.  
  3. auth=/var/log/auth.log
  4.  
  5. if [ "$1" != "" ]; then  #check that there is an argument
  6.  
  7.         if [ "$1" = success ]; then     #check the entered argument for success
  8.                 for i in `grep Accepted ${auth} | cut -d: -f3 | cut -c18-23`  #search and cut the session id
  9.                 do
  10.  
  11.                 id=$i
  12.                 user=`grep Accepted ${auth} | grep ${id} | cut -d: -f4 | cut -d' ' -f5`
  13.                 month=`grep Accepted ${auth} | grep ${id} | cut -d" " -f1`
  14.                 day=`grep Accepted ${auth} | grep ${id} | cut -c4-6 | cut -c1-3`
  15.                 atime=`grep Accepted ${auth} | grep ${id} | cut -c7-15`
  16.  
  17.                 echo "Status: [success] Account name: $user  Date:$month,$day,$atime"
  18.  
  19.                 done
  20.  
  21.         elif [ "$1" = fail ]; then      #check the entered argument for fail
  22.  
  23.                 for i in `grep Failed ${auth} | grep password | cut -c8-15` #search and cut the time
  24.                 do
  25.  
  26.                 id=$i
  27.                 user=`grep Failed ${auth} | grep ${id} | grep password | cut -d: -f4 | cut -d" " -f5`
  28.                 month=`grep Failed ${auth} | grep ${id} | grep password | cut -c1-3`
  29.                 day=`grep Failed ${auth} | grep ${id} | grep password | cut -c4-6`
  30.                 #atime=`grep Failed ${auth} | grep ${id} | cut -d" " -f3`
  31.                 atime=$i
  32.  
  33.                 echo "Status: [fail] Account name: $user  Date: $month, $day, $atime"
  34.  
  35.                 done
  36.  
  37.  
  38.         else    #if more than one argument is entered or it doesn't match fail or success exit
  39.         exit 0
  40.         fi
  41.  
  42.  
  43. else
  44.         echo "Example: ./auth.sh [success | fail]"  #if there is no argument entered show example
  45.         exit 0
  46. fi

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.