Hi Michael,
I try your shell script but the results is not good ...

~$ grep "Failed password" /var/log/authlog |tail -5 | while read line; do
set -f; set -- $line; echo "$1 $2 $3 $9 $10 $11 $12 `host $13`"; done
Aug 12 23:28:53 invalid Aug0 Aug1 Aug2 Host Aug3 not found: 3(NXDOMAIN)
Aug 12 23:28:54 invalid Aug0 Aug1 Aug2 Host Aug3 not found: 3(NXDOMAIN)
Aug 12 23:28:55 invalid Aug0 Aug1 Aug2 Host Aug3 not found: 3(NXDOMAIN)
Aug 12 23:28:56 invalid Aug0 Aug1 Aug2 Host Aug3 not found: 3(NXDOMAIN)
Aug 12 23:28:57 invalid Aug0 Aug1 Aug2 Host Aug3 not found: 3(NXDOMAIN)

Do you know where is the problem please ?

JB



"Michael Tosch" <eedmit@NO.eed.SPAM.ericsson.PLS.se> wrote in message
news:ebvmpm$iqh$1@aken.eed.ericsson.se...
> Jan Burdil wrote:
>> Hello,
>> I am trying to filter some logs from sshd daemon.
>>
>> ~$ grep "Failed password" /var/log/authlog |tail -5 |awk '{print
>> $1,$2,$3,$9,$10,$11,$12,$13}'
>> Aug 12 23:28:53 invalid user user from 80.74.149.39
>> Aug 12 23:28:54 invalid user root from 80.74.149.39
>> Aug 12 23:28:55 invalid user root from 80.74.149.39
>> Aug 12 23:28:56 invalid user root from 80.74.149.39
>> Aug 12 23:28:57 invalid user test from 80.74.149.39
>> ~$
>>
>> How can I substitute $13 ( the ip address ) with command "host $13"
>> I would like to see the full domain name not the ip address ...
>>
>> Thank you
>> Jan Burdil
>>
>>
>
> You can stay in the shell:
>
> grep "Failed password" /var/log/authlog |tail -5 |
> while read line
> do
> set -f
> set -- $line
> echo "$1 $2 $3 $9 $10 $11 $12 `host $13`"
> done
>
>
> --
> Michael Tosch @ hp : com