I need a bash script to traverse a filesystem from a server, and look for suspicious activity. This is mainly suspicious activity in the messages log, such as port probing from the same ip address, repeated failed login attempts etc.
Ive managed to traverse the filesystem but could do with a hand on looking for suspicious activity as I am not used to checking server logs.
Any help with the script or how to identify indicators of suspicious activity would be gratefully received.
Pinned topic Bash script for server log (namely var/log/messages)
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2008-03-12T12:34:30Z at 2008-03-12T12:34:30Z by SystemAdmin