#!/bin/sh
# extract useful data from auth log
#first, establish our headers
outfile=attempts_hosts_users.csv
echo "Date;Attempts;Hosts;Users" >$outfile

for foo in 1 2 3 4 5 6 ; do 
#first, host names
     #echo Extracting host names into statistics file
     attempts=`grep -c "Apr  $foo" bigauthlog`; 
     grep "Apr  $foo" bigauthlog | grep "Failed password" | grep "invalid user" | awk '{print $13}' >fails.tmp
     grep "Apr  $foo" bigauthlog | grep "Failed password" | grep -v "invalid user" | awk '{print $11}' >>fails.tmp
     hosts=`sort -u < fails.tmp | wc -l`; 
# next, statistics on user names
#echo Extracting user names into statistics file
     grep "Apr  $foo" bigauthlog | grep "Failed password" | grep "invalid user" | awk '{print $11}' >names.tmp
     grep "Apr  $foo" bigauthlog | grep "Failed password" | grep -v "invalid user" | awk '{print $19}' >>names.tmp
users=`sort -u < names.tmp | wc -l`;

echo "Apr  $foo 2012;$attempts;$hosts;$users;" >>$outfile;

done;