Dependency for secure log parser

frontsidebus · web-flow · commit 3bc1653ae73b · 2018-04-25T20:52:25.000-05:00
pulls out counts of fails and de-dupes
diff --git a/get_fails.sh b/get_fails.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+#grep "failure;" /var/log/secure | awk -F "=" '{print$7}' | awk '{print$1}' | sort | uniq -c | sort -rn > failed_login_ips.txt
+#
+AUTHLOGS=/var/log/secure
+OUTFILE=/root/failed_login_ips.txt
+#
+get_failed_auths () {
+        grep "failure;" $AUTHLOGS | awk -F "=" '{print$7}' | awk '{print$1}' | sort | uniq -c | sort -rn > $OUTFILE
+}
+get_failed_auths
