Log Files > Maybe You Could Help?
Member
Posts: 4,969
Joined: Nov 20 2011
Gold: 1.00
Nov 3 2014 04:43pm
So I have a computer security class that is requiring me to write a program in the language of my choosing that processes log files.

The lab is requiring me to do:
Consider log files of login attempts with each line containing the following fields: (this is non-standard):
Date time status "from" IP

Date is a three letter abbrev of the month followed by a space followed by a two digit representation of the day. EG:
Oct 29
Oct 30
Oct 31
Nov 01
Nov 02
Time is a 24-hour clock representation of hh:mm:ss EG:
22:25:16 25 minutes and 16 seconds after 10pm
01:05:00 5 minutes and 0 seconds after 1am
Status will be one of the following:
invalid user xxx
invalid password for user xxx
successful login for user xxx
logout for user xxx
IP is an IP Address. EG:
137.43.136.55
110.164.65.85


This is a sample he has given us:
Oct 29 22:25:16 invalid user superman from 137.43.136.55
Oct 29 22:30:17 invalid user batman from 137.43.136.55
Oct 30 01:05:00 invalid password for user mcelfresh from 110.164.65.85
Oct 30 01:05:30 successful login for user mcelfresh from 110.164.65.85
Oct 30 02:30:15 logout for user mcelfresh from 110.164.65.85

I'm wondering if anybody has a server/access to log files that I may use for this project. I will be changing the IPs, dates, and times. I also have conditions that I will be implementing such as 10 failed login attempts within an hour. Any help would be very appreciated -- these log files are expected to be our own creation, that is, not just generically copied and pasted from the internet such as going to stackoverflow and using something already posted.




IF THIS SORT OF POST IS AGAINST THREAD RULES, I AM SORRY!
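
The log format and the "10 failed login attempts within an hour" condition described in the post above, as an added Python example that is not part of the original thread. It assumes a caller-supplied year (the format has none), usernames without spaces, lines in chronological order, and counting per source IP; the `203.0.113.7` lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) (?P<day>\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<status>invalid user|invalid password for user|"
    r"successful login for user|logout for user) "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
FAILED = {"invalid user", "invalid password for user"}

def parse_line(line, year=2014):
    """Return a dict for one log line, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
    except ValueError:  # impossible date or time, e.g. "Feb 30" or "25:00:00"
        return None
    return {"ts": ts, "status": m["status"], "user": m["user"], "ip": m["ip"]}

def flag_bruteforce(lines, threshold=10, window=timedelta(hours=1)):
    """Map each IP to the time it first reached `threshold` failures in one window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["status"] not in FAILED:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ev["ip"], ev["ts"])
    return flagged

# Constructed input: the five sample lines from the post plus ten made-up failures.
SAMPLE = [
    "Oct 29 22:25:16 invalid user superman from 137.43.136.55",
    "Oct 29 22:30:17 invalid user batman from 137.43.136.55",
    "Oct 30 01:05:00 invalid password for user mcelfresh from 110.164.65.85",
    "Oct 30 01:05:30 successful login for user mcelfresh from 110.164.65.85",
    "Oct 30 02:30:15 logout for user mcelfresh from 110.164.65.85",
] + [f"Nov 01 03:{5 * i:02d}:00 invalid user guess{i} from 203.0.113.7"
     for i in range(10)]
```

Calling `flag_bruteforce(SAMPLE)` flags only `203.0.113.7`, at the timestamp of its tenth failure; a log that spans New Year would need year-rollover handling that this sketch does not include.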
Member
Posts: 5,988
Joined: May 6 2006
Gold: 30.00
Nov 3 2014 05:10pm
http://docs.splunk.com/Documentation/Storm/Storm/User/Adddatatoyourproject

Not sure if this is helpful, but there is a zip file in that link that has some logs that may be of use to you
Member
Posts: 13,425
Joined: Sep 29 2007
Gold: 0.00
Warn: 20%
Nov 3 2014 05:35pm
Just type 'w' on a Linux machine and it brings up all users logged in.

Code
abduct@hypersomnia:~/anime/log2$ w
15:35:23 up 118 days, 23:30, 5 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
abduct pts/1 192.168.0.198:S. Sat16 3.00s 0.33s 0.33s /bin/bash
abduct pts/3 192.168.0.198:S. 25Oct14 47:50m 0.31s 0.31s /bin/bash
abduct pts/2 192.168.0.198:S. 23Oct14 3days 1.60s 1.60s /bin/bash
abduct pts/4 192.168.0.198:S. Sat16 47:49m 0.29s 0.29s /bin/bash


If you are looking for something more extensive such as failed login attempts for ssh, try browsing through /var/log
Member
Posts: 4,969
Joined: Nov 20 2011
Gold: 1.00
Nov 4 2014 12:50pm
Thanks for the advice guys, my school has servers so maybe I'll try that!

/e for the CS department specifically that is
