API tools faq
paste
Advertisement
kaiux

SSH Logs to DOT

kaiux
Oct 4th, 2014
250
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 0.85 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env bash
  2. # @kaiux - 2014
  3. #
  4. ###### Explanation
  5. #
  6. #This filter looks for "Invalid user" token at ssh log's file
  7. #Sep 28 23:35:34 srv01 sshd[10644]: refused connect from 10.208.200.99 (10.208.200.99)
  8. #Sep 28 23:38:25 srv01 sshd[10648]: Invalid user zhangyan from 194.225.68.224
  9. #Sep 28 23:38:39 srv01 sshd[10652]: Invalid user dff from 194.225.68.224
  10.  
  11. # this is not the best filter, but it works
  12. # you need to run it as root or sudo
  13.  
  14. DOT_OUTPUT=ssh_users.dot
  15. SSH_LOG="/var/log/auth.log"
  16.  
  17. echo "Digraph G {" > ${DOT_OUTPUT}
  18. sudo cat ${SSH_LOG} | grep "Invalid user" | awk '{print "\""$10"\"", "->", "\""$8"\";"}' | sort | uniq >> ${DOT_OUTPUT}
  19.  
  20. echo "}" >> ${DOT_OUTPUT}
  21.  
  22. # You can use Graphivz
  23. # Uncomment the following lines to generate your graph
  24. # dot -Tpng ssh_users.dot -o ssh_force1.png
  25. # circo -Tpng ssh_users.dot -o ssh_force2.png
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!