https://github.com/pseudomanifold/auceps
A script for analysing potentially nefarious `auth.log` entries
- Host: GitHub
- URL: https://github.com/pseudomanifold/auceps
- Owner: Pseudomanifold
- License: mit
- Created: 2019-03-02T19:38:46.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-04-25T07:22:50.000Z (over 6 years ago)
- Last Synced: 2025-03-24T15:47:22.765Z (7 months ago)
- Topics: log-analysis, plotly, visualization
- Language: Python
- Size: 13.7 KB
- Stars: 11
- Watchers: 2
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# Auceps: Analysing `auth.log` log files
This is a simple script for analysing `auth.log`. It tabulates IP
addresses and user names that are involved in failed login attempts
via `ssh` (although the script could be easily extended to cover
other services, as well). Moreover, it creates a CSV file for subsequent
[choropleth map](https://en.wikipedia.org/wiki/Choropleth_map) plotting.

## Usage

    $ pipenv shell
    $ ./auceps.py /var/log/auth*
    $ ./make_choropleth_map.py /tmp/countries.csv

For the choropleth map creation, you need to have a valid
[plotly](https://plot.ly) account.

## Example
See [my blog post on analysing nefarious ssh access attempts](http://bastian.rieck.me/blog/posts/2019/ssh_incidents) for more details.
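
The tabulation described at the top of this README, as an added Python sketch (not code from auceps itself): it counts sshd `Failed password` lines per source address and per user name, including rsyslog's `message repeated N times` form. The log layout, the regular expression and the name `tabulate_failures` are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH/rsyslog layout (documentation IPs).
SAMPLE_LOG = """\
Mar  2 19:01:12 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  2 19:01:15 host sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  2 19:01:20 host sshd[1234]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 51236 ssh2]
Mar  2 19:02:01 host sshd[1240]: Failed password for invalid user a from 192.0.2.1 from 198.51.100.7 port 40022 ssh2
Mar  2 19:03:00 host sshd[1250]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Mar  2 19:04:00 host sudo: pam_unix(sudo:auth): authentication failure; user=bob
"""

# The user name is supplied by the remote client and may contain spaces or
# even " from <address>", so it is matched greedily and the real peer address
# is taken from the end of the line, where sshd itself writes it.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+ ssh2\]?\s*$"
)


def tabulate_failures(lines):
    """Return (per-IP Counter, per-user Counter) of failed ssh password logins."""
    by_ip, by_user = Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if m is None:
            continue  # accepted logins, other services, unrelated messages
        # A "message repeated N times" line stands for N occurrences.
        count = int(m.group("n") or 1)
        by_ip[m.group("ip")] += count
        by_user[m.group("user")] += count
    return by_ip, by_user


if __name__ == "__main__":
    ips, users = tabulate_failures(SAMPLE_LOG.splitlines())
    for title, table in (("Source address", ips), ("User name", users)):
        print(title)
        for key, n in table.most_common():
            print(f"  {n:5d}  {key!r}")  # repr() keeps odd user names visible
```

Hosts that disable password authentication log `Invalid user` and `Connection closed` lines instead, which this pattern deliberately does not count.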