Sunday, May 6, 2007

This is just a quick tip, ala Tukang Nggame, for reading the failed SSH login log on Linux. With this command we can see who failed to log in to our server/router. Simple.

Router:/# /bin/cat /var/log/auth.log |grep sshd:auth |grep failure |awk '{print $1"-" $2 "-" $3 "-->" $12 "->" $14 "->" $15}'

The result looks like this:

May-4-11:27:59-->tty=ssh->rhost=10.7.1.67->
May-5-14:53:02-->tty=ssh->rhost=10.7.1.199->
May-6-14:42:17-->tty=ssh->rhost=10.7.1.7->user=admin

You can save the output to a .txt file and then view it through your web server.

Router:/# /bin/cat /var/log/auth.log |grep sshd:auth |grep failure |awk '{print $1"-" $2 "-" $3 "-->" $12 "->" $14 "->" $15}' > /var/www/login-failed.txt

/var/www/ is your web server's document root. Then you can access the file at the URL http://your-domain.com/login-failed.txt
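The one-liner above picks fields by position ($12, $14, $15), so it depends on the exact layout of each log line. As an added example (not part of the original post), this version finds rhost= and user= by name and counts failures per source; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the same layout the post's command expects.
sample_log() {
    cat <<'EOF'
May  4 11:27:59 Router sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.1.67
May  5 14:53:02 Router sshd[2290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.1.199
May  6 14:42:17 Router sshd[2411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.1.7  user=admin
May  6 14:42:25 Router sshd[2411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.7.1.7  user=admin
May  6 14:43:01 Router sshd[2415]: Accepted password for root from 10.7.1.2 port 4022 ssh2
EOF
}

# Summarise failed SSH logins as: count rhost user last-seen.
# Reads the files given as arguments, or stdin when none are given.
ssh_failures() {
    awk '
    /sshd:auth/ && /failure/ {
        rhost = "-"; user = "-"
        # Locate the fields by name so a missing user= or an extra
        # field does not shift the columns.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^rhost=/)     rhost = substr($i, 7)
            else if ($i ~ /^user=/) user  = substr($i, 6)
        }
        if (rhost == "") rhost = "-"
        if (user == "")  user  = "-"
        key = rhost " " user
        count[key]++
        last[key] = $1 "-" $2 "-" $3   # same date format as the post
    }
    END {
        for (k in count) print count[k], k, last[k]
    }' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host: ssh_failures /var/log/auth.log
sample_log | ssh_failures
```

The output can be redirected to a file in the same way as the command above. Since the report lists usernames and source addresses, restrict who can read it if it is placed under the document root.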
