Commands That Help Watch Your System Logs


Some useful grep / sed / cut pipelines to help you monitor your log files and spot possible attacks on your system.

Mainly based on CentOS 5.4, but the commands can be tailored for other distros.

1. Search through /var/log/secure and determine which IPs have the most failed authentication attempts against your FTP daemon (vsftpd in this instance). Run it from /var/log so that secure* matches the current log and its rotated copies; the sed strips the ::ffff: prefix that CentOS 5 logs in front of IPv4 client addresses, and field 14 is the rhost= token of the pam_unix line.

grep "authentication failure" secure* | grep vsftpd | sed 's/::ffff://g' | cut -d' ' -f14 | sort | uniq -c | sort -nr | more

2. Search through /var/log/secure and determine which IPs have the most refused connections to your SSH daemon. "refused connect from" is logged by tcp_wrappers when hosts.allow / hosts.deny rejects a client, so this counts blocked connections rather than failed passwords (those show up as "Failed password for" lines); field 9 is the address after "from".

grep "refused connect from" secure* | grep "sshd" | sed 's/::ffff://g' | cut -d' ' -f9 | sort | uniq -c | sort -nr | more
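Both pipelines above rely on cut -d' ' field numbers, which shift by one on single-digit days ("Mar  1" carries two spaces). The script below is an added example, not from the original post: it does the same two counts over a constructed sample of /var/log/secure lines (hypothetical host and addresses) with awk locating the rhost= and "from" tokens by name instead of position, so the day-of-month padding no longer matters.

```shell
#!/bin/sh
# Added example (not from the original post): count failing source IPs in
# /var/log/secure-style lines with awk instead of cut, so that single-digit
# days ("Mar  1", two spaces) do not shift the fields, and strip the ::ffff:
# IPv4-mapped prefix that CentOS 5 logs for IPv4 clients.

# Constructed sample of /var/log/secure content (hypothetical host and IPs).
SAMPLE_LOG='Mar  1 10:01:02 web1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:203.0.113.7
Mar 10 10:01:05 web1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:203.0.113.7
Mar 10 10:02:00 web1 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=198.51.100.9
Mar 10 10:03:11 web1 sshd[2201]: refused connect from ::ffff:192.0.2.44 (::ffff:192.0.2.44)
Mar 10 10:03:12 web1 sshd[2203]: refused connect from ::ffff:192.0.2.44 (::ffff:192.0.2.44)
Mar 10 10:04:00 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.9 port 51514 ssh2'

# Usage: top_failures <daemon> <pattern>   (reads log lines on stdin)
# Prints "count ip" lines, highest count first.
top_failures() {
  daemon=$1; pattern=$2
  grep "$pattern" | grep "$daemon" | sed 's/::ffff://g' | awk -v d="$daemon" '
    # vsftpd/PAM: the client address is the token that starts with rhost=
    d == "vsftpd" { for (i = 1; i <= NF; i++) if ($i ~ /^rhost=/) { sub(/^rhost=/, "", $i); print $i } }
    # sshd/tcp_wrappers: the client address is the token right after "from"
    d == "sshd"   { for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }
  ' | sort | uniq -c | sort -nr | awk '{print $1, $2}'
}

# Wrappers over the embedded sample; against real logs run e.g.
#   cat /var/log/secure* | top_failures vsftpd "authentication failure"
vsftpd_top() { printf '%s\n' "$SAMPLE_LOG" | top_failures vsftpd "authentication failure"; }
sshd_top()   { printf '%s\n' "$SAMPLE_LOG" | top_failures sshd "refused connect from"; }
```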
