Thread: message log parser?

  1. #1
    Junior Member Newbie
    Join Date
    Jun 2006
    Posts
    8

    message log parser?

    After putting a few clients on POP3 accounts I was hoping I could monitor usage (who logs in, from what IP, deleted and left messages, etc.). I know by default all this information is kept in the /var/logs/messages file and I can open it manually all the time, but with more and more users on here that is becoming tedious.

    Can anyone tell me about a log parser or stat reporter that will sort through that log file and report via HTML? I'd also hope for a "clear" function of some sort to delete the information out of the logs.

    Thanks for any help.

  2. #2
    Junior Member Newbie
    Join Date
    Sep 2006
    Posts
    1

    I developed a script that greps through /var/log/messages and Apache's access_log for failed login attempts and for PHP script vulnerability scans. It pulls the IPs and drops them in a file. After that the file is used to deny access to the server for those IPs.

    It shouldn't be too hard to write a shell script that greps through the log file for what you need and sends the information by mail or displays it nicely in an HTML-formatted file.

    The line that gives me the IP:
    Code:
    cat /var/log/messages | grep "Failed password for illegal user" | cut -d " " -f 13 | cut -d : -f 4  > iplist
    I'm using grep to get the lines that contain the string "Failed password ..." then I cut till I get the IP and send the result to a file.

    About clearing the logs - I prefer to rotate the logs and keep them as they are for a long period of time.
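
An added example, not part of the thread or the poster's script: the same extraction as the line in post #2, but reading the address from the end of the sshd message rather than from space-delimited field 13, which shifts on single-digit days (syslog pads them as "Sep  2") and when a user name contains spaces. The function names, sample lines and addresses are constructed for illustration, and only IPv4 sources are counted.

```shell
#!/bin/sh
# Added example (not the poster's script): count failed SSH password
# attempts per source address. Reads syslog lines on stdin and prints
# "count address", busiest first.
failed_login_ips() {
    awk '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is supplied by the remote client and may contain
        # spaces, so read the address from the fixed tail of the message
        # ("... from ADDR port N ssh2") instead of a field counted from
        # the left. This also survives the padded day in "Sep  2".
        n = NF
        if (n < 5 || $n != "ssh2" || $(n-2) != "port" || $(n-4) != "from") next
        addr = $(n-3)
        sub(/^::ffff:/, "", addr)      # IPv4-mapped form -> plain IPv4
        # Only well-formed dotted quads go on; anything else is skipped
        # rather than handed to a deny list.
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(addr, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        hits[addr]++
    }
    END { for (a in hits) print hits[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges, made-up host).
sample_log() {
    cat <<'EOF'
Sep 12 10:00:01 mail sshd[2201]: Failed password for illegal user bob from ::ffff:192.0.2.10 port 40112 ssh2
Sep  2 03:14:15 mail sshd[1180]: Failed password for illegal user test from ::ffff:192.0.2.10 port 40200 ssh2
Sep 12 10:00:09 mail sshd[2203]: Failed password for root from 198.51.100.7 port 51515 ssh2
Sep 12 10:00:12 mail sshd[2204]: Failed password for illegal user x from 203.0.113.5 port 1 ssh2 from ::ffff:192.0.2.10 port 40300 ssh2
Sep 12 10:01:00 mail sshd[2210]: Accepted password for alice from 198.51.100.7 port 51600 ssh2
EOF
}

# Usage on a real log: failed_login_ips < /var/log/messages
```

Review the output before feeding it to a deny list, so that an address you administer the server from is not blocked by a handful of mistyped passwords.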
