Revision: 58242
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at July 4, 2012 01:16 by _reydin_
Initial Code
#!/bin/bash
auth=/var/log/auth.log
if [ "$1" != "" ]; then #check that there is an argument
if [ "$1" = success ]; then #check the entered argument for success
for i in `grep Accepted ${auth} | cut -d: -f3 | cut -c18-23` #search and cut the session id
do
id=$i
user=`grep Accepted ${auth} | grep ${id} | cut -d: -f4 | cut -d' ' -f5`
month=`grep Accepted ${auth} | grep ${id} | cut -d" " -f1`
day=`grep Accepted ${auth} | grep ${id} | cut -c4-6 | cut -c1-3`
atime=`grep Accepted ${auth} | grep ${id} | cut -c7-15`
echo "Status: [success] Account name: $user Date:$month,$day,$atime"
done
elif [ "$1" = fail ]; then #check the entered argument for fail
for i in `grep Failed ${auth} | grep password | cut -c8-15` #search and cut the time
do
id=$i
user=`grep Failed ${auth} | grep ${id} | grep password | cut -d: -f4 | cut -d" " -f5`
month=`grep Failed ${auth} | grep ${id} | grep password | cut -c1-3`
day=`grep Failed ${auth} | grep ${id} | grep password | cut -c4-6`
#atime=`grep Failed ${auth} | grep ${id} | cut -d" " -f3`
atime=$i
echo "Status: [fail] Account name: $user Date: $month, $day, $atime"
done
else #if more than one argument is entered or it doesn't match fail or success exit
exit 0
fi
else
echo "Example: ./auth.sh [success | fail]" #if there is no argument entered show example
exit 0
fi
Initial URL
Initial Description
This script will parse the auth.log and return results depending on the argument entered. To run the script enter one of the following. ./auth success or ./auth fail
Initial Title
Linux auth.log parser
Initial Tags
Bash
Initial Language
Bash