Log-parser script for ssh-auditing - server-side tool.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


sshlog v1.6.1

A command-line Secure SHell LOG-utility, for client-side terminal- / mobile- and NAS-use.

sshlog is a Bash-script to assemble ssh-connection logs, meant firstly for Linux-administrators / datacenter-operators with sufficient command-line interface (CLI) experience, or mostly anyone who can benefit from using it ;)

It was prototyped to be useful on small computer-terminals and mobile devices, like Android smart-phones / -tablets / -netbooks, and nowadays usually on low-end Windows 10 hardware and similar low-power computers.

what does sshlog do?

sshlog generates a log of SSH connections made to a Linux system, filters results based on command-line arguments provided and pipes the results to the screen, or, into a timestamped textfile in "~/ssh-logs" in your home-directory. It can filter log-results based on accepted/failed login(s), or by authentication-method(s) used by the remote connection (password / publickey / PAM).

Although originally written for bigrig- / server-use, it has proven to be quite a useful little log-tool on any Linux-box that runs an OpenSSH-server :) both for account-auditing and p4r4n0|4!. **

I highly recommend installing "Fail2Ban" to defend against SSH-bruteforcing!


Personally, I've deployed it on all my Linux-powered devices (like: NAS-boxes, laptops, VPS', workstations, routers, etc.) to provide simple, text-based log-access throughout my network-infrastructure. Giving me complete access-history at my fingertips, wherever, whenever.

I mainly made it to work on Ubuntu Server and certain derivatives (Ubuntu Desktop and Linux Mint).

There are also branches for: Debian GNU/Linux and Netgear RAIDiator (ReadyNAS),

If you get a mod of your own to run on a specific distribution, please, feel free to mail a copy to me and I'll add it to the repo (and give appropriate accredidation on the website, of course)


  • Copy the shell-script(s) to /usr/local/sbin:
sudo cp sshlog-x.x/bash/sshlog /usr/local/sbin
  • Then copy (select) man1-files (< program-name >.1.gz) to /usr/local/share/man/man1.
sudo cp sshlog-x.x/man/sshlog.1.gz /usr/local/share/man/man1