Giters

KiemVM / logalyzer

Auth.log parser

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

logalyzer

Logalyzer is a script I wrote to make looking through the auth logs neater. It can parse users, IP addresses, failures, etc.

Some examples:

# python logalyzer.py -h
Usage: logalyzer.py [options]

Options:
  -h, --help  show this help message and exit
  -u          Specify user.  Blank lists all users.
  --full      Full log dump for specified user
  -l LOG      Specify log file.  Default is auth.log
  -f          List failures
  -s          List success logs
  -c          List commands by user
  -i          List IP Addresses

Combine flags to view user-specific information.  '-u test -i' lists IP
addresses associated with user test

# sudo python logalyzer.py -u bryan
[!] Log file:  /var/log/auth.log
[!] Logs associated with user 'bryan'
[+] First log:  Jul 24 21:26:09
[+] Last log:  Jul 24 23:38:26
[!] Failure Logs
[!] Success Logs
[!] Associated IPs
    192.168.1.118
[!] Commands
	/usr/bin/apt-get dist-upgrade
	/usr/local/bin/python logalyzer.py -l /var/log/auth.log.1 -u bryan
	/usr/local/bin/python logalyzer.py -u bryan -l /var/log/auth.log.1 -s

# python logalyzer.py -l /var/log/auth.log.1 -u bryan -c
[!] Log file:  /var/log/auth.log.1
[+] Commands for user 'bryan'
	/usr/bin/apt-get update
	/usr/bin/apt-get dist-upgrade

About

Auth.log parser

Languages

Language:Python 100.0%