Commands That Help Watch Your System Logs


Some useful grep / sed / cut commands to help you monitor your log files and detect possible attacks on your system.

Mainly based on CentOS 5.4, but they can be tailored for other distros.

1. Search through /var/log/secure (and its rotated copies) and determine which IPs have the most failed authentication attempts against your FTP daemon, in this instance vsftpd. Field 14 is the rhost= token of the PAM "authentication failure" line; the sed strips the ::ffff: prefix that IPv4-mapped addresses carry.

grep "authentication failure" /var/log/secure* | grep vsftpd | sed 's/::ffff://g' | cut -d' ' -f14 | sort | uniq -c | sort -nr | more


2. Search through /var/log/secure (and its rotated copies) and determine which IPs have had the most connections refused by your SSHD daemon, i.e. the "refused connect from" entries; field 9 is the address.

grep "refused connect from" /var/log/secure* | grep "sshd" | sed 's/::ffff://g' | cut -d' ' -f9 | sort | uniq -c | sort -nr | more
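Both pipelines above depend on a fixed column number, which shifts as soon as a daemon logs with a PID in brackets or an extra word. As an added example (not part of the original post), the script below does the same two counts from a constructed sample of /var/log/secure lines: it pulls the address out of the rhost= token (PAM failures) or out of "refused connect from" (sshd refusals) with sed instead of cut, strips the ::ffff: prefix, and counts per IP. The function names top_failed_ips, top_failed_ip and count_for, the SAMPLE_LOG path and all addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Counts per-IP failures in
# /var/log/secure-style files without relying on a fixed field number.

# Constructed sample of CentOS 5 style /var/log/secure lines (not real data).
SAMPLE_LOG="${SAMPLE_LOG:-/tmp/secure.sample}"
cat > "$SAMPLE_LOG" <<'EOF'
Jan 12 10:00:01 host1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser=admin rhost=::ffff:203.0.113.5
Jan 12 10:00:02 host1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser=root rhost=::ffff:203.0.113.5
Jan 12 10:00:03 host1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser=test rhost=198.51.100.7
Jan 12 10:00:04 host1 sshd[2201]: refused connect from ::ffff:203.0.113.9 (::ffff:203.0.113.9)
Jan 12 10:00:05 host1 sshd[2202]: refused connect from ::ffff:203.0.113.9 (::ffff:203.0.113.9)
Jan 12 10:00:06 host1 sshd[2203]: refused connect from 192.0.2.44 (192.0.2.44)
Jan 12 10:00:07 host1 sshd[2204]: Accepted publickey for ops from 192.0.2.44 port 51000 ssh2
EOF

# top_failed_ips DAEMON LOGFILE...
#   DAEMON is "vsftpd" or "sshd"; prints "count ip" lines, most frequent first.
top_failed_ips() {
    daemon="$1"; shift
    case "$daemon" in
        # PAM failure: the address is whatever follows "rhost="
        vsftpd) pattern='authentication failure'; extract='s/.*rhost=//' ;;
        # tcp_wrappers refusal: the address is the token after "refused connect from"
        sshd)   pattern='refused connect from';   extract='s/.*refused connect from \([^ ]*\).*/\1/' ;;
        *) echo "usage: top_failed_ips vsftpd|sshd LOGFILE..." >&2; return 2 ;;
    esac
    # -h keeps filenames out of the output when several log files are given
    grep -h "$pattern" "$@" | grep "$daemon" \
        | sed -e "$extract" -e 's/^::ffff://' \
        | sort | uniq -c | sort -nr \
        | awk '{print $1, $2}'
}

# top_failed_ip DAEMON LOGFILE... -> only the address with the most entries
top_failed_ip() {
    top_failed_ips "$@" | head -n 1 | awk '{print $2}'
}

# count_for DAEMON IP LOGFILE... -> how many entries that IP produced (0 if none)
count_for() {
    daemon="$1"; ip="$2"; shift 2
    top_failed_ips "$daemon" "$@" \
        | awk -v ip="$ip" '$2 == ip {print $1; found=1} END {if (!found) print 0}'
}

# Stand-alone run: show both tables for the sample file.
echo "== vsftpd =="; top_failed_ips vsftpd "$SAMPLE_LOG"
echo "== sshd ==";   top_failed_ips sshd "$SAMPLE_LOG"
```

Run it as-is to see the two tables for the sample, or point top_failed_ips at /var/log/secure* for a live system. The sed patterns anchor on the log text rather than a column, so a line such as "sshd[2204]: Accepted publickey" is ignored by the grep and a different PID width does not move the address.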

Comments

  1. This information is meaningful and magnificent which you have shared here about the Linux commands. I am impressed by the details that you have shared in this post, and it reveals how nicely you understand this subject. If anyone is interested to know more about the linux tail command, linoxide is the best choice.
