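#!/bin/bash
#
# Quick triage views over the Apache access log and the system auth log.
#
# Usage: pass exactly one of the options listed by --help.
#
# Environment (optional; the defaults are the paths the script always used):
#   APACHE_LOG_DIR  directory holding access.log*  (default /var/log/apache2)
#   AUTH_LOG_DIR    directory holding auth.log*    (default /var/log)
#
# Notes for whoever reads the output:
#   * Request path, referer and user agent are written by the client. Method
#     filters therefore compare the method field itself instead of searching
#     the whole line, and --ip prints the client column instead of every
#     dotted quad found anywhere in the line (a user agent such as
#     "Chrome/120.0.0.0" would otherwise be reported as an address).
#   * Rotated logs are often gzip-compressed; they are decompressed on the fly
#     so older activity is not silently replaced by binary noise.
#   * Only the log family an option needs is read, so Apache views no longer
#     require read access to auth.log.

set -uo pipefail

# Print the option summary (text unchanged from the original script).
usage() {
  cat <<'EOF'
--ip all IP address connections to apache
--get all get requests to apache
--post all post requests to apache
--last show last 25 lines of apache log
--common count connections per ip to apache
--owncloud file uploads from users
--vichan activity of vi chan
--invalid-logins invalid login attempts
--logins valid login attempts
EOF
}

# Stream every regular file matching "$1/$2*", decompressing gzip members.
# Arguments: $1 - directory, $2 - file name prefix
# Returns:   non-zero if nothing matched or a file could not be read
read_logs() {
  local dir=$1 prefix=$2 f
  local -a files=()
  for f in "$dir"/"$prefix"*; do
    if [[ -f $f ]]; then
      files+=("$f")
    fi
  done
  if (( ${#files[@]} == 0 )); then
    printf 'no %s* files found in %s\n' "$prefix" "$dir" >&2
    return 1
  fi
  # -f with -c copies data that is not gzip through unchanged, so plain and
  # compressed rotations can be mixed in one call.
  gzip -cdf -- "${files[@]}"
}

# Apache access log, all rotations, ordered on the timestamp field.
# The key is compared as text ("[dd/Mon/yyyy:..."), so ordering across month
# boundaries is not strictly chronological.
apache_log() {
  read_logs "${APACHE_LOG_DIR:-/var/log/apache2}" access.log | sort -k4
}

# Auth log, all rotations, in file order.
auth_log() {
  read_logs "${AUTH_LOG_DIR:-/var/log}" auth.log
}

# Print "client timestamp path" for requests whose method field equals $1.
# Arguments: $1 - HTTP method, $2 - optional substring the line must contain
# Fields are split on single spaces, matching the original `cut -d' '`.
requests_by_method() {
  local method=$1 needle=${2-}
  awk -F'[ ]' -v m="\"${method}" -v needle="$needle" \
    '$6 == m && (needle == "" || index($0, needle)) { print $1, $4, $7 }'
}

main() {
  case "${1-}" in
    --help)
      usage
      ;;
    --ip)
      apache_log | awk '{ print $1 }'
      ;;
    --get)
      apache_log | requests_by_method GET
      ;;
    --post)
      apache_log | requests_by_method POST
      ;;
    --last)
      apache_log | tail -n 25
      ;;
    --common)
      # Ten busiest clients within the last 10000 lines of the sorted log.
      apache_log | tail -n 10000 | awk '{ print $1 }' \
        | sort | uniq -c | sort -n | tail
      ;;
    --owncloud)
      apache_log | requests_by_method PUT owncloud
      ;;
    --vichan)
      apache_log | grep -F -- 'vichan' | cut -d' ' -f1,4,7
      ;;
    --invalid-logins)
      # "Invalid" catches sshd's "Invalid user ..." lines only; failed
      # passwords for existing accounts are logged as "Failed password".
      auth_log | grep -- 'Invalid'
      ;;
    --logins)
      # Password logins only; key-based logins appear as "Accepted publickey".
      auth_log | grep -- 'Accepted password'
      ;;
    *)
      # Missing or unknown option: say so instead of exiting silently.
      usage >&2
      return 2
      ;;
  esac
}

main "$@"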