Failed login reporting
Hi all,
The main amount of activity I see on my server is login attempts on SSH, and always has to do with password attempts. I'm investigating different software I can use to effectively report such activity to providers. I guess this elusive program's features would include a log analyzer, nslookup parser, intrusion reporting to ISP, and firewall-rule appending for repeated offenses. Can anyone recommend a cron-able script or program which handles this sort of activity? Thanks! |
You can use grep as shown here http://www.cyberciti.biz/nixcraft/vi...led-login.html but better way is use logwatch the which can send an email and has lot of ther features too see http://www2.logwatch.org:81/
Hope this helps! |
All times are GMT -5. The time now is 12:14 PM. |