#!/bin/sh
# extract useful data from auth log
#first, host names
echo Extracting host names into statistics file
grep "Failed password" bigauthlog | grep "invalid user" | awk '{print $13}' >fails
grep "Failed password" bigauthlog| grep -v "invalid user" | awk '{print $11}' >>fails
sort -rn < fails | uniq -c | sort -r >gropers-by-frequency.txt
sort -u < fails >hostnames
# next, statistics on user names
echo Extracting user names into statistics file
grep "Failed password" bigauthlog | grep "invalid user" | awk '{print $11}' >names
grep "Failed password" bigauthlog | grep -v "invalid user" | awk '{print $9}' >>names
sort -rn < names | uniq -c | sort -r >groped-users-by-frequency.txt
sort -u <names >usernames