Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Tracking Failed login attempts

Status
Not open for further replies.
Dervie

Dervie

Programmer
Apr 8, 2009
8
JM
Hello, I am trying to track failed login attempts in SCO. I have used a script that I got from a forum here and it has worked to a degree. Here is the script I used:

cd /tcb/files/auth
awk -F: '
{for(i=1;i<=NF;++i)if($i~/unsuclog/)print substr(FILENAME,3),$i}
' ?/* | while read user date
do echo "$user\t$(perl -e 'use POSIX;print ctime($date)')"
done

and here is the result:

dpalmer $(perl -e 'use POSIX;print ctime(u_unsuclog#1239206368)')

I would love to get a proper date and time when the unsuccessful login took place. Could someone please tell me what's wrong with the code?
 
Sort by date Sort by votes
Replace this:
print substr(FILENAME,3),$i
with this:
d=$i;sub(/.*#/,"",d);print substr(FILENAME,3),d

and this:
$(perl -e 'use POSIX;print ctime($date)')
with this:
`perl -e 'use POSIX;print ctime($date)'`

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
Upvote 0 Downvote
Thanks PHV. I now have this

cd /tcb/files/auth
awk -F: '
{for(i=1;i<=NF;++i)if($i~/unsuclog/)d=$i;sub(/.*#/,"",d);print substr(FILENAME,3),d}
' ?/* | while read user date
do echo "$user\t`perl -e 'use POSIX;print ctime($date)'`"
done

The result however is still undesirable because now it doesn't tell me about unsuccessful/successful. Here is a sample of the output.

dpalmer Wed Dec 31 19:00:00 1969
dpalmer Wed Dec 31 19:00:00 1969
dpalmer Wed Dec 31 19:00:00 1969
dpalmer Wed Dec 31 19:00:00 1969

This is displayed for every user.
 
Upvote 0 Downvote
sorry for the typo:
{for(i=1;i<=NF;++i)if($i~/unsuclog/)[!]{[/!]d=$i;sub(/.*#/,"",d);print substr(FILENAME,3),d[!]}[/!]}

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
Upvote 0 Downvote
PHV, This is what I have now

cd /tcb/files/auth
awk -F: '
{for(i=1;i<=NF;++i)if($i~/unsuclog/){d=$i;sub(/.*#/,"",d);print substr(FILENAME,
3),d}}
' ?/* | while read user date
do echo "$user\t`perl -e 'use POSIX;print ctime($date)'`"
done


This is the result
dpalmer Wed Dec 31 19:00:00 1969
dpalmer Wed Dec 31 19:00:00 1969

Still doesn't tell me about u_unsuclog as shown above and the dates are still the same.
 
Upvote 0 Downvote
what about this ?
Code: 
cd /tcb/files/auth
awk -F: '{for(i=1;i<=NF;++i)if($i~/_unsuclog/){
  split($i,x,/#/);print substr(FILENAME,3),x[1],x[2]
}}' ?/* | while read user unsuc date
do echo "$user\t$unsuc\t`perl -e 'use POSIX;print ctime('$date')'`"
done

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

JohnPeake212
  • Locked
  • Question
SCO Unix 5.0.6 allocb failed - NSTRPAGES Exceeded
Replies
2
Views
169
JohnPeake212
JohnPeake212
nyck
  • Locked
  • Question
Failed disk in volume group
Replies
2
Views
99
nyck
nyck
billo102
  • Locked
  • Question
ssh login with blank password
Replies
3
Views
95
billo102
billo102
Carlitos71
  • Locked
  • Question
Error in login
Replies
3
Views
73
Hidsjer
Hidsjer
chris5234
  • Locked
  • Question
no login via modem
Replies
9
Views
86
motoslide
motoslide

Part and Inventory Search

Sponsor

Back
Top