Sawing Linux Logs with Simple Tools - page 2
Good Ole grep
Crafting clever, complex regular expressions is quite fun, and a more worthy use of one's time than comatose drooling in front of "Reality TV." However, there are many simple searches that do the job just fine. You can search
/var/log/auth.logquickly to see if anyone has made an inordinate number of failed login attempts. The -i option does a case-insensitive search:
$ grep -i "fail" /var/log/auth.log ... Sep 13 16:26:34 server02 PAM_unix: authentication failure; (uid=0) -> root for ssh service Sep 13 16:26:36 server02 sshd: Failed password for root from 220.127.116.11 port 3210 ssh2 Sep 13 16:26:38 server02 PAM_unix: authentication failure; (uid=0) -> root for ssh service Sep 13 16:26:40 server02 sshd: Failed password for root from 18.104.22.168 port 3210 ssh2 ...
Well well, someone came a' knockin' on the SSH (secure shell) door. Knowledge is power--at this point, you could fine-tune your iptables to drop packets from the originating IP, or you could do a little sleuthing to find the source, or you could create a nice honeypot and amuse yourself trapping the no-good person trying to get into your system. You can even count the number of attempts:
$ grep "22.214.171.124" /var/log/auth.log | wc -l 8656
That's a rather persistent little twit, I'd say.
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.