Log-parser script for ssh-auditing - server-side tool.
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


sshlog v1.6

A command-line (S)ecure (SH)ell (LOG)-utility, for client-side terminal- / mobile- and NAS-use.

sshlog is a Bash-script to assemble ssh-connection logs, meant firstly for Linux-administrators / datacenter-operators with sufficient command-line interface (CLI) experience, or mostly anyone who can benefit from using it ;)

It was prototyped to be useful on small computer-terminals and mobile devices, like Android smart-phones / -tablets / -netbooks, and nowadays usually on low-end Windows 10 hardware and similar low-power computers.

what does sshlog do?

sshlog generates a log of SSH connections made to a Linux system, filters results based on command-line arguments provided and pipes the results to the screen, or, into a timestamped textfile in "~/ssh-logs" in your home-directory. It can filter log-results based on accepted/failed login(s), or by authentication-method(s) used by the remote connection (password / publickey / PAM).

Although originally written for bigrig/server-use, it has proven to be quite a useful little log-script tool on any Linux-box that runs an OpenSSH-server :) both for account-auditing and p4r4n0|4.

I highly recommend installing "Fail2Ban" to defend against SSH-bruteforcing!
Personally, I've deployed it on all my Linux-powered devices (like: NAS-boxes, laptops, VPS', workstations, routers, etc.) to provide simple, text-based log-access throughout my network-infrastructure. Giving me complete access-history at my fingertips, wherever, whenever.

I mainly made it to work on Ubuntu Server and certain derivatives (Ubuntu Desktop and Linux Mint).

There are also branches for: Debian GNU/Linux and Netgear RAIDiator (ReadyNAS),

If you get a mod of your own to run on a specific distribution, please, feel free to mail a copy to me and I'll add it to the repo (and give appropriate accredidation on the website, of course)


Copy the shell-script(s) to '/usr/local/sbin':

sudo cp sshlog-x.x/bash/sshlog /usr/local/sbin

Then copy (select) man1-files (< program-name >.1.gz) to '/usr/local/share/man/man1'.

sudo cp sshlog-x.x/man/sshlog.1.gz /usr/local/share/man/man1