3

I'm currently writing a script to examine /var/log/secure file and report how many failed attempts there were that day. I need to output it in the following format:

Date: 03/15/10 Time: 10:30 Number of failed attempts: 8

Heres my code so far (Haven't done much)... Am I on the right track?

#!/bin/bash

classGID=5000
passfile=/var/log/secure


for i in $(grep ${classGID} ${passfile} | cut -d: -f1)
do

date=$(grep $i{passfile} | cut -d: -f2)

echo "Date: ${date}"

done
Improve this question
2
  • I recommend just using logwatch. Commented Mar 14, 2013 at 23:00
  • 2
    or use perl to make things much easier. Commented Mar 14, 2013 at 23:39

1 Answer 1

Reset to default
0 
#!/usr/bin/env bash

c=1
while read line
do
        a=( $line )
        d="${a[@]::3}"
        logdate=$( date '+%F' -d"$d" )
        if [[ $logdate == $old_logdate ]]; then
                (( c++ ))
        elif [[ $old_logdate != $logdate ]]; then
                printf "%s\t%s\t%s%s\n" "Date: $old_logdate Number of failed attempts: $c"
                old_logdate=$logdate
                c=1
                continue
        else
                printf "%s\t%s\t%s%s\n" "Date: $logdate Number of failed attempts: $c"

        fi

done < <(grep 'authentication failure' /var/log/secure)

it's skip last record , I don't know why

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.