This script gathers the IP addresses, usernames and passwords that were used in attempts to log in to my machines.
# Run this every day at least in order to get all the entries.
# Run this before the logrotate does its work on the log for the day/week/month...
# Since I am only interested in recent entries, only look at today's lines, based on the date timestamp.
# Read only today's lines and loop over each of them.
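#######################################
# Collect the source IP, username and password of every kippo login attempt
# logged today and append each record not yet present to a private log as
# "IP|USER|PASS".
#
# The username and password are whatever the remote client typed, so they are
# handled strictly as data: always quoted, never used as a grep pattern or
# option, and never passed to echo unquoted (which would glob-expand them).
# The '|' separator is not escaped, so a password may itself contain '|';
# consumers of the output must not rely on the field count.
#
# Globals:   todays_date (read) - date string as it appears in kippo.log;
#            not set anywhere in the visible script, so it must be set
#            before this runs.
# Arguments: $1 - kippo log to read   (default: the original hard-coded path)
#            $2 - record log to write (default: the original hard-coded path)
# Returns:   0 on success, 1 if todays_date is empty or the record log
#            cannot be created.
#######################################
collect_kippo_auths() {
  local kippo_log=${1:-/home/kris/kippo-0.5/log/kippo.log}
  local auth_log=${2:-/root/kippo_ssh_auths.log}
  local line rest session ip creds user pass entry

  # With an empty date the original unquoted grep took the log path as its
  # pattern and then blocked reading stdin; refuse to run instead.
  if [[ -z "${todays_date:-}" ]]; then
    printf 'todays_date is not set; nothing collected\n' >&2
    return 1
  fi

  # The record log holds plaintext passwords: create it owner-only.
  if [[ ! -e "$auth_log" ]]; then
    ( umask 077; : > "$auth_log" ) || return 1
  fi

  # Only today's lines that contain a login attempt are of interest.
  while IFS= read -r line; do
    # Layout assumed by the original cut pipeline:
    #   <timestamp> [<service>,<session>,<ip>] login attempt [<user>/<pass>] <result>
    rest=${line#*\[}                       # text after the first '['
    [[ "$rest" == *\[* ]] || continue      # no second bracket: not a match
    session=${rest%%\[*}                   # first bracket group and what follows it
    [[ "$session" == *,*,* ]] || continue

    # Third comma-separated field of the first bracket group, up to ']'.
    ip=${session#*,}
    ip=${ip#*,}
    ip=${ip%%,*}
    ip=${ip%%\]*}
    [[ -n "$ip" ]] || continue

    # Credentials: everything inside the second bracket group. Stripping from
    # the LAST ']' and splitting on the FIRST '/' keeps passwords that contain
    # ']', '[' or '/' intact. A username containing '/' cannot be told apart
    # from the separator.
    creds=${rest#*\[}
    [[ "$creds" == *\]* ]] || continue
    creds=${creds%\]*}
    [[ "$creds" == */* ]] || continue
    user=${creds%%/*}
    pass=${creds#*/}

    entry="$ip|$user|$pass"

    # Append only if this exact record is not already there. -F and -x compare
    # the whole line literally, and -- stops a leading '-' being read as an
    # option. The file is named explicitly so grep never consumes the loop's
    # own input.
    if ! grep -qxF -- "$entry" "$auth_log"; then
      printf '%s\n' "$entry" >> "$auth_log"
    fi
  done < <(grep -iF -- "$todays_date" "$kippo_log" | grep -i 'login attempt')

  return 0
}

collect_kippo_auths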