#!/bin/sh
# extract useful data from auth log
# modified for OpenBSD auth log format and sort
# first, host names
echo Extracting host names into statistics file
grep Failed bigauthlog | grep -v invalid| awk '{print $11}' >fails
grep Failed bigauthlog | grep invalid | awk '{print $13}' >>fails
sort < fails | uniq -c | sort -r >hail-marys-by-frequency.txt
# next, statistics on user names
echo Extracting user names into statistics file
grep Failed bigauthlog | grep -v invalid | awk '{print $9}' >names
grep Failed bigauthlog | grep invalid | awk '{print $11}' >>names
sort < names | uniq -c | sort -r >hail-mary-users-by-frequency.txt
# separate out one part of the attempts for counting
grep Failed bigauthlog >hail-mary-singles.txt
# copy big log to a better text file name
cp bigauthlog hail-marys-raw.txt