I'm new to this web site and hope I'm doing this correctly.
I'm looking for some sort of PHP-code to scan my /var/log/secure to filter breakin attempts. Below are just some examples of string that need to be searched and get the IP address ONLY. I'm using 0.0.0.0 as an example of an IP address and not the actual IP.
Failed password for invalid user admin from 0.0.0.0 port 3108
Invalid user ubnt from 0.0.0.0
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=0.0.0.0
Aucun commentaire:
Enregistrer un commentaire