I am looking for a way to accomplish one of my requirements, where I want to automate log file monitoring of "failed login attempt" with a specific pattern using a Unix shell script.
Below is a log snippet:
sequence_number=12345,remote_client=sapserver,2016-03-18 03:29:44:782 EDT,messageID=1002,user=jdoe@example.com,client_ip_address=10.129.220.45,client_port=10250,browser_ip_address=x.x.x.x,result_code=2,result_action=Login Failure,result_reason=Invalid Password
Note: The "result_code=2" in the log file denotes a failed login.
Below is the requirement and pattern:
- Monitor log file consistently (access.log)
- If an Invalid Password is noticed in the log file for the same user more than 50 times within a minute, trigger an email with User ID, Client IP, Browser IP, Number of failed attempts made for that run
- Watch the log and do this continuously.
Being an amateur shell script developer, I am unable to think of a way to achieve this using a shell script. Requesting ideas / solutions.
Thanks in advance!
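
One way to implement the detection described in the post, as an added example that is not part of the original post: a shell function wrapping awk that counts "Invalid Password" failures per user per calendar minute and prints one alert line for each user over the limit. It assumes the log is in chronological order, that field values contain no commas, and that "within a minute" can be approximated by calendar minutes; the names `failed_login_bursts` and `sample_log` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads access.log lines on stdin and prints one alert line per
# user with more than LIMIT "Invalid Password" failures in one calendar minute.
failed_login_bursts() {
    awk -F',' -v limit="${1:-50}" '
    # Append v to a ";"-separated list unless it is already present.
    function uniq_add(list, v) {
        return index(";" list ";", ";" v ";") ? list : (list == "" ? v : list ";" v)
    }
    # Report the finished minute, then reset the per-user state.
    function flush_window(   u) {
        for (u in count)
            if (count[u] > limit)
                printf "minute=%s user=%s client_ip=%s browser_ip=%s failures=%d\n",
                       window, u, cip[u], bip[u], count[u]
        split("", count); split("", cip); split("", bip)
        fflush()   # push alerts through the pipe immediately
    }
    {
        # Collect key=value pairs; the timestamp is the only field without a key.
        split("", kv); ts = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq) kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            else if ($i ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] /) ts = $i
        }
        if (ts == "") next
        minute = substr(ts, 1, 16)                 # "YYYY-MM-DD HH:MM"
        if (minute != window) { flush_window(); window = minute }
        if (kv["result_code"] != "2" || kv["result_reason"] != "Invalid Password") next
        u = kv["user"]
        count[u]++
        cip[u] = uniq_add(cip[u], kv["client_ip_address"])
        bip[u] = uniq_add(bip[u], kv["browser_ip_address"])
    }
    END { flush_window() }'
}

# Constructed sample input (not real log data), in the format shown in the post.
sample_log() {
    fmt='sequence_number=%s,remote_client=sapserver,2016-03-18 03:%s EDT,messageID=1002,user=%s,client_ip_address=%s,client_port=10250,browser_ip_address=192.0.2.7,result_code=2,result_action=Login Failure,result_reason=Invalid Password\n'
    printf "$fmt" 1 '29:01:000' jdoe@example.com 10.129.220.45
    printf "$fmt" 2 '29:20:000' jdoe@example.com 10.129.220.46
    printf "$fmt" 3 '29:40:000' asmith@example.com 10.129.220.45
    printf "$fmt" 4 '29:59:000' jdoe@example.com 10.129.220.45
    printf "$fmt" 5 '30:05:000' jdoe@example.com 10.129.220.45
}
```

For continuous monitoring, feed it with `tail -F access.log | failed_login_bursts 50` and hand each output line to your mailer. A minute's alert is printed when the first line of a later minute arrives, or at end of input.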