@tyr0chen
Last active August 29, 2015 14:15
server log information
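#!/bin/bash
#description:analyse web server log.
#ver 0.1
#2014/11/20 Tyr analyse auth,message,apache,ssh,vsftpd
# Run as root: netstat -p and the files under /var/log require it.
# Log-derived text is printed by the commands themselves or via printf '%s',
# so backslash sequences inside log lines are not expanded (echo -e would expand them).

# System information: kernel, CPU, hostname, date, mounted filesystems
printf '\n=======================系统信息===========================\n'
printf '内核版本: %s\n' "$(uname -a)"
printf 'CPU信息: %s\n' "$(grep -E 'model name|cpu MHz|Processor' /proc/cpuinfo | cut -d : -f2)"
printf '主机名: %s\n' "$(hostname)"
printf '分析日期: %s\n' "$(date)"
printf '当前分区挂载信息:\n\n%s\n\n' "$(df -h)"

# Listening ports: bound to loopback only, then reachable from other interfaces
printf '=======================端口信息===========================\n'
printf '仅对本地开放的端口:\n'
netstat -tunlp | grep -F 127.0.0.1 | awk 'NR==1{printf "协议\t端口\tPID\t进程\n"}
{gsub("127.0.0.1:","");gsub("LISTEN","");gsub("/","\t");print $1"\t"$4"\t"$6"\t"$7}'
printf '对外部接口开放的端口:\n'
# -4 limits this listing to IPv4; IPv6 listeners are not shown.
netstat -tunlp -4 | grep -vF "127.0.0.1" | awk 'NR==1{printf "协议\t端口\tPID\t进程\n"}
NR>2 {gsub("LISTEN","");gsub("/","\t");print $1"\t"$4"\t"$6"\t"$7}' | sed -r 's/(([0-9]{1,3})\.){3}[0-9]{1,3}://g'
printf '\n'

# SSH logins from /var/log/auth.log (traditional syslog timestamp assumed)
printf '=======================ssh信息===========================\n'
printf '成功登陆记录:\n时间 用户名 登录者ip\n'
# Match directly after the "sshd[pid]: " prefix so that the phrase appearing
# inside a user name on some other sshd line is not counted as a login.
# Only password logins are listed; public-key logins are logged differently.
grep -E 'sshd\[[0-9]+\]: Accepted password for ' /var/log/auth.log | awk '{print $1,$2,$3"\t\t"$9"\t"$11 }'
printf '失败登陆记录:\n时间 用户名 登录者ip\n'
# Read rhost= and user= from the failure line itself instead of cutting on
# $HOSTNAME, which need not equal the host name syslog writes.
awk '/sshd\[[0-9]+\]:.*authentication failure/ {
  ip = ""; user = ""
  for (i = 6; i <= NF; i++) {
    if ($i ~ /^rhost=/) ip = substr($i, 7)
    else if ($i ~ /^user=/) user = substr($i, 6)
  }
  print $1, $2, $3 "\t\t" user "\t" ip
}' /var/log/auth.log
printf '\n'

# vsftpd successful logins
printf '====================vsftpd信息===========================\n'
printf '成功登陆记录:\n时间 用户名 登录者ip\n'
# Regex literal instead of the string "\[|\]|\"": escape handling in awk
# strings differs between implementations (gawk reduces \[ to a plain [).
grep "OK LOGIN" /var/log/vsftpd.log | awk '{gsub(/\[|\]|"/,"");print $2,$3,$4"\t\t"$8"\t\t"$12}'
printf '\n'

# Accounts that have logged in at least once
printf '===================lastlog信息===========================\n'
lastlog | grep -v "Never"
printf '\n'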