Hello Experts,
I have this initial shell script that tracks failed login attempts:

#!/bin/bash
# Fetch failed user logins to file failed-logins.txt
grep -i failed /var/log/secure | awk '{ print $1, $2" ", $3" ", $9" ", $11 }' > failed-logins.txt
# Split the failed logins into INVALID & VALID (case-insensitive in both directions)
grep -i invalid failed-logins.txt > invalid-failed-logins.txt
grep -vi invalid failed-logins.txt > valid-failed-logins.txt

and I have the following output for valid-failed-logins:
Jan 18 14:15:03 root 218.104.65.210
Jan 18 14:15:07 root 218.104.65.210
Jan 18 14:15:11 root 218.104.65.210
Jan 18 14:15:23 root 218.104.65.210
Jan 18 14:15:26 root 218.104.65.210
Jan 18 14:15:31 root 218.104.65.210
Jan 18 14:15:35 root 218.104.65.210
Jan 18 14:15:38 root 218.104.65.210
Jan 18 14:15:47 root 218.104.65.210
Jan 18 14:15:57 root 218.104.65.210
Jan 18 14:16:00 root 218.104.65.210
Jan 18 14:16:04 root 218.104.65.210
Jan 18 14:16:50 root 218.104.65.210
Jan 18 14:16:53 root 218.104.65.210
Jan 18 14:16:57 root 218.104.65.210
Jan 18 14:17:01 root 218.104.65.210
Jan 18 14:17:04 root 218.104.65.210
Jan 18 14:17:08 root 218.104.65.210
Jan 18 14:17:12 root 218.104.65.210
Jan 18 14:22:56 root 59.76.81.123
Jan 18 14:32:17 root 220.78.22.250
Jan 18 14:32:21 root 220.78.22.250
Jan 18 14:32:24 root 220.78.22.250
Jan 18 14:32:26 root 220.78.22.250
Jan 18 14:32:29 root 220.78.22.250
Jan 18 14:32:33 root 220.78.22.250
Jan 18 14:32:36 root 220.78.22.250
Jan 18 14:32:39 root 220.78.22.250
Jan 18 14:32:41 root 220.78.22.250
Jan 18 14:32:44 root 220.78.22.250
Jan 18 14:32:47 root 220.78.22.250
Jan 18 14:32:50 root 220.78.22.250
Jan 18 14:32:57 root 220.78.22.250
Jan 18 18:22:35 root 119.111.70.244
Jan 18 18:22:41 root 119.111.70.244
Jan 18 21:31:07 root 209.151.232.70
Jan 18 21:31:09 root 209.151.232.70
Jan 18 21:31:13 root 209.151.232.70
Jan 18 21:31:16 root 209.151.232.70
Jan 18 21:31:19 root 209.151.232.70
Jan 18 21:31:22 root 209.151.232.70
Jan 18 21:31:25 root 209.151.232.70
Jan 18 21:31:28 root 209.151.232.70
Jan 18 21:31:32 root 209.151.232.70
Jan 18 21:31:34 root 209.151.232.70
Jan 18 21:31:38 root 209.151.232.70
Jan 18 21:31:41 root 209.151.232.70
Can you help me get the total number of failed login attempts from each source?
For example:
Jan 18 21:31:13 root 209.151.232.70 = 12 attempts
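
One way to produce the per-source totals asked for above, as an added example that is not part of the original post. It assumes the five-column format of valid-failed-logins.txt (month, day, time, user, source address); the function names are hypothetical and the sample lines are constructed, using documentation addresses.

```shell
#!/bin/bash
# Added example (not from the original post): count failed logins per user/source.
# Assumed input format, as in valid-failed-logins.txt: Mon DD HH:MM:SS user ip

# Hypothetical helper: constructed sample lines (RFC 5737 documentation addresses).
sample_failed_logins() {
    cat <<'EOF'
Jan 18 14:15:03 root 203.0.113.7
Jan 18 14:15:07 root 203.0.113.7
Jan 18 14:22:56 root 198.51.100.23
Jan 18 14:25:10 admin 203.0.113.7
Jan 18 14:32:17 root 203.0.113.7
Jan 18 14:40:00
EOF
}

# Reads the named files (or stdin) and prints one tab-separated line per
# user/source pair: count, user, ip, first seen, last seen; busiest first.
count_failed_by_source() {
    awk '
    NF < 5 { next }                      # skip truncated or empty lines
    {
        key = $4 "\t" $5                 # group by user + source address
        stamp = $1 " " $2 " " $3
        if (!(key in count)) {           # first time this pair is seen
            first[key] = stamp
            order[++n] = key
        }
        count[key]++
        last[key] = stamp
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%d\t%s\t%s\t%s\n", count[k], k, first[k], last[k]
        }
    }' "$@" | sort -s -k1,1nr
}

sample_failed_logins | count_failed_by_source
```

To run it on the real data, call `count_failed_by_source valid-failed-logins.txt`; the first-seen and last-seen columns show how tightly the attempts from one source are clustered.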