#!/bin/bash
cp sshd.log sshdn.log
awk '/Accepted/{a[$(NF-3)]++}END{for(i in a)print i}' sshdn.log|\
while read -r IP ; do
IPn=$(dig +short -x $IP)
sed "/Accepted/s/$IP/$IPn/" sshdn.log >sshdnn.log && mv sshdnn.log sshdn.log
done
more sshdn.log
Before
# more sshd.log
Apr 10 10:14:36 src@testlinux.site sshd[16795]: Accepted keyboard-interactive/pam for root from 191.255.XXX.XXX port XXXXX ssh2
After
# ./test
Apr 10 10:14:36 src@testlinux.site sshd[16795]: Accepted keyboard-interactive/pam for root from lorem-ipsum.lorem.com.my port XXXXX ssh2
No comments:
Post a Comment