Perl log parsing help


 
# 1  
Old 04-02-2010

Hello,

I'm sure this is a very simple problem, but I'm having trouble thinking of an efficient way to do the following:

given a large centralized ssh-log, one file on a syslog server, not separated by machines (I wish it were), that looks something like this:

Sep 27 16:20:56 machine-name sshd[3106]: Failed password for invalid user admin from 212.55.255.219 port 16808 ssh2
... etc...
Sep 27 16:22:31 machine-name sshd[31049]: Accepted password for vivianu from 207.180.183.178 port 55902 ssh2
....etc....
Sep 27 16:22:41 machine-name sshd[19032]: Failed password for root from 212.55.255.219 port 11368 ssh2

I want to parse through and report on any "root" ssh login attempts, and also report on multiple failed attempts for invalid accounts that exceed "x" times e.g. detect brute force attempts (I want to use denyhosts to do the 2 things above, but I'm still being asked for a script to parse the centralized log).

I'd also want to detect successful logins by the same user to multiple machines, as in someone probing the network.

I know I'll need to open the file, split the fields and store in some type of hash, just not sure if the machine name should be the hash, and things like month,day,time,password failed|accepted,incoming IP, etc. should each be keys w/ the split fields from the log being the values, etc.


Any help appreciated.

---------- Post updated at 12:09 PM ---------- Previous update was at 10:57 AM ----------

I'll answer my own question and start looking at Log::Statistics
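
One way to produce the three reports asked for above, as an added example that is not part of the original thread: the hashes are keyed by what each report groups on (source IP, user name) rather than by machine name. The threshold value, the variable names and the sample lines after `__DATA__` are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: summarise a centralized sshd log.
use strict;
use warnings;

my $threshold = 3;    # assumed value for the poster's "x"
my (@root, %invalid_from, %hosts_for);

# The user name is chosen by the remote client and may contain spaces or
# " from ", so capture it greedily and anchor the source IP at end of line.
my $re = qr/^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\ssshd\[\d+\]:\s
            (Failed|Accepted)\spassword\sfor\s(invalid\suser\s)?(.*)
            \sfrom\s(\S+)\sport\s\d+\sssh2\s*$/x;

# Read the log named on the command line, else the constructed sample below.
my $fh;
if (@ARGV) { open $fh, '<', $ARGV[0] or die "$ARGV[0]: $!\n" }
else       { $fh = \*DATA }

while (my $line = <$fh>) {
    my ($when, $host, $result, $invalid, $user, $ip) = $line =~ $re or next;
    push @root, "$when $host: $result from $ip" if $user eq 'root';
    $invalid_from{$ip}++ if $invalid && $result eq 'Failed';
    $hosts_for{$user}{$host} = 1 if $result eq 'Accepted';
}

print "root login attempts:\n";
print "  $_\n" for @root;

print "sources with more than $threshold failures for invalid users:\n";
for my $ip (sort keys %invalid_from) {
    print "  $ip: $invalid_from{$ip}\n" if $invalid_from{$ip} > $threshold;
}

print "users accepted on more than one machine:\n";
for my $user (sort keys %hosts_for) {
    my @hosts = sort keys %{ $hosts_for{$user} };
    print "  $user: @hosts\n" if @hosts > 1;
}

__DATA__
Sep 27 16:20:56 web1 sshd[3106]: Failed password for invalid user admin from 192.0.2.10 port 16808 ssh2
Sep 27 16:20:58 web1 sshd[3107]: Failed password for invalid user test from 192.0.2.10 port 16810 ssh2
Sep 27 16:21:01 db1 sshd[411]: Failed password for invalid user oracle from 192.0.2.10 port 16822 ssh2
Sep 27 16:21:03 db1 sshd[412]: Failed password for invalid user guest from 192.0.2.10 port 16830 ssh2
Sep 27 16:22:31 web1 sshd[31049]: Accepted password for vivianu from 198.51.100.7 port 55902 ssh2
Sep 27 16:22:41 web1 sshd[19032]: Failed password for root from 192.0.2.10 port 11368 ssh2
Sep 27 16:25:02 db1 sshd[500]: Accepted password for vivianu from 198.51.100.7 port 55990 ssh2
```

Lines that do not match the pattern (other sshd messages, other daemons) are skipped, so the script can be pointed at the full syslog file.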
# 2  
Old 04-12-2010
MySQL

Instead of doing your own loggers and blocking, you can take a look at fail2ban.