shell script 樹莓派 log 分析工具

August 1, 2018

2142views

2279 words

shell script 樹莓派 log 分析工具

主要功能

1. 搜尋是否有人正在嘗試登錄ssh端口，並且分析有哪些ip是嘗試失敗或是登錄成功
2. 自動從高嘗試次數排列到低嘗試次數
3. 分析ip是哪些國家，這裡使用api https://ip.cn/index.php?ip=ip

#!/bin/bash
initializeANSI()
{
  esc=""

  blackf="${esc}[30m";   redf="${esc}[31m";    greenf="${esc}[32m"
  yellowf="${esc}[33m"   bluef="${esc}[34m";   purplef="${esc}[35m"
  cyanf="${esc}[36m";    whitef="${esc}[37m"
  
  blackb="${esc}[40m";   redb="${esc}[41m";    greenb="${esc}[42m"
  yellowb="${esc}[43m"   blueb="${esc}[44m";   purpleb="${esc}[45m"
  cyanb="${esc}[46m";    whiteb="${esc}[47m"

  boldon="${esc}[1m";    boldoff="${esc}[22m"
  italicson="${esc}[3m"; italicsoff="${esc}[23m"
  ulon="${esc}[4m";      uloff="${esc}[24m"
  invon="${esc}[7m";     invoff="${esc}[27m"

  reset="${esc}[0m"
}

initializeANSI


IPV4_format='[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+'
Log_Path='/var/log/auth.log*'
Fasle_text="${redf} \nfasle access\n ${reset}"
Success_text="${greenf} \nSuccess access\n ${reset}"
Country_API="https://ip.cn/index.php?ip="

######################################分析IP函數
Success_Grep()
{
    grep Accepted | grep publickey
}

Fasle_Grep()
{
    grep error | grep maximum
}

Order()
{
    sort | uniq -c | sort -n -r
}
Order_Country()
{
    sort | uniq -w 16 | sort -n -r
}
######################################
analyis_ip()
{
  echo -e $Fasle_text
  #Fasle
  cat ${Log_Path} | Fasle_Grep | grep -o ${IPV4_format} | Order
  #success
  echo -e $Success_text
  cat ${Log_Path} | Success_Grep | grep -o ${IPV4_format} | Order
  echo ""
}

Found_Country()
{
  echo -e $Fasle_text
  tmp=`cat ${Log_Path} | Fasle_Grep | grep -o ${IPV4_format} | Order_Country `
  echo -e "$tmp" > tmp
  count=`wc -l tmp | sed 's/ tmp//g'`
  for (( i=1; i<=$count; i++ ))
  do
    count_ip=`sed -n ${i}p tmp`
        curl -s "${Country_API}${count_ip}"
  done
  echo -e $Success_text
  tmp_two=`cat ${Log_Path} | Success_Grep | grep -o ${IPV4_format} | Order_Country `

  echo -e "$tmp_two" > tmp2
  count_two=`wc -l tmp2 | sed 's/ tmp2//g'`
  for (( i=1; i<=$count_two; i++ ))
  do
    count_ip2=`sed -n ${i}p tmp2`
        curl -s "${Country_API}${count_ip2}"
  done
  echo ""
  rm -f tmp
  rm -f tmp2
}
update_shell_script ()
{
wget --no-check-certificate -qO- https://raw.githubusercontent.com/king567/WIJ-shell-script-library/master/analysis_log.sh > $0
echo -e ${greenf}"\n更新成功\n"${reset}
}
echo "(1).analysis ip"
echo "(2).Ip Country Name"
echo "(3).更新腳本"
read -p "請輸入選項(1-3) :" choose
    case ${choose} in
       1)
            analyis_ip
         ;;
       2)
            Found_Country
         ;;
       3)
            update_shell_script
         ;;
       *)
         echo "輸入錯誤選項"
         ;;
    esac

執行結果

如下圖：
執行結果

shell script 樹莓派 log 分析工具

king • 2018 年 08 月 01 日

shell script 樹莓派 log 分析工具

主要功能

#!/bin/bash
initializeANSI()
{
  esc=""

  blackf="${esc}[30m";   redf="${esc}[31m";    greenf="${esc}[32m"
  yellowf="${esc}[33m"   bluef="${esc}[34m";   purplef="${esc}[35m"
  cyanf="${esc}[36m";    whitef="${esc}[37m"
  
  blackb="${esc}[40m";   redb="${esc}[41m";    greenb="${esc}[42m"
  yellowb="${esc}[43m"   blueb="${esc}[44m";   purpleb="${esc}[45m"
  cyanb="${esc}[46m";    whiteb="${esc}[47m"

  boldon="${esc}[1m";    boldoff="${esc}[22m"
  italicson="${esc}[3m"; italicsoff="${esc}[23m"
  ulon="${esc}[4m";      uloff="${esc}[24m"
  invon="${esc}[7m";     invoff="${esc}[27m"

  reset="${esc}[0m"
}

initializeANSI


IPV4_format='[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+'
Log_Path='/var/log/auth.log*'
Fasle_text="${redf} \nfasle access\n ${reset}"
Success_text="${greenf} \nSuccess access\n ${reset}"
Country_API="https://ip.cn/index.php?ip="

######################################分析IP函數
Success_Grep()
{
    grep Accepted | grep publickey
}

Fasle_Grep()
{
    grep error | grep maximum
}

Order()
{
    sort | uniq -c | sort -n -r
}
Order_Country()
{
    sort | uniq -w 16 | sort -n -r
}
######################################
analyis_ip()
{
  echo -e $Fasle_text
  #Fasle
  cat ${Log_Path} | Fasle_Grep | grep -o ${IPV4_format} | Order
  #success
  echo -e $Success_text
  cat ${Log_Path} | Success_Grep | grep -o ${IPV4_format} | Order
  echo ""
}

Found_Country()
{
  echo -e $Fasle_text
  tmp=`cat ${Log_Path} | Fasle_Grep | grep -o ${IPV4_format} | Order_Country `
  echo -e "$tmp" > tmp
  count=`wc -l tmp | sed 's/ tmp//g'`
  for (( i=1; i<=$count; i++ ))
  do
    count_ip=`sed -n ${i}p tmp`
        curl -s "${Country_API}${count_ip}"
  done
  echo -e $Success_text
  tmp_two=`cat ${Log_Path} | Success_Grep | grep -o ${IPV4_format} | Order_Country `

  echo -e "$tmp_two" > tmp2
  count_two=`wc -l tmp2 | sed 's/ tmp2//g'`
  for (( i=1; i<=$count_two; i++ ))
  do
    count_ip2=`sed -n ${i}p tmp2`
        curl -s "${Country_API}${count_ip2}"
  done
  echo ""
  rm -f tmp
  rm -f tmp2
}
update_shell_script ()
{
wget --no-check-certificate -qO- https://raw.githubusercontent.com/king567/WIJ-shell-script-library/master/analysis_log.sh > $0
echo -e ${greenf}"\n更新成功\n"${reset}
}
echo "(1).analysis ip"
echo "(2).Ip Country Name"
echo "(3).更新腳本"
read -p "請輸入選項(1-3) :" choose
    case ${choose} in
       1)
            analyis_ip
         ;;
       2)
            Found_Country
         ;;
       3)
            update_shell_script
         ;;
       *)
         echo "輸入錯誤選項"
         ;;
    esac

執行結果

如下圖：
執行結果

shell script 樹莓派 log 分析工具

shell script 樹莓派 log 分析工具

主要功能

執行結果

Leave a Comment Cancel reply

Plex + Rclone 掛載 Google drive 搭建多媒體伺服器

Linux上利用vlmcsd搭建KMS伺服器

C#利用委派來更新UI

Arduino EEPROM 教學

HDD系統轉移到SSD

使用rsync同步網站資料

Ubuntu 搭建ASP.NET環境

Typecho 修改 Domain Name 方法

搭建pptp vpn 伺服器

shell script 取得Github 的使用者資訊

shell script 樹莓派 log 分析工具

shell script 樹莓派 log 分析工具

主要功能

執行結果