Run a quick audit of the last 24 hours of errors on a Linux server
Find SSH brute-force attempts and rank attacker IPs
Schedule the script as a daily cron job and read the morning summary
Adapt the script as a learning template for journalctl, grep, and awk
Needs a Linux host with systemd's journalctl; it will not work on systems that ship only rsyslog without journald. Reading the full system journal also requires root or membership in the systemd-journal group (adm on Debian-family hosts); run as another unprivileged user, journalctl shows only that user's own entries and the SSH section comes back empty.
This repository contains a single Bash script that scans the logs on a Linux server, ranks errors by how often they appear, and looks for signs that someone has been trying to break in over SSH. The author wrote it as part of a personal DevOps learning series posted on LinkedIn.

The script pulls system errors from the last N hours, detects SSH brute-force attempts, ranks the IP addresses behind them, and lists which usernames the attackers tried. It also walks the log files under /var/log, picks out lines containing words such as error, fatal, or failed, and counts them so you can see which problems occur most often. Output is printed to the terminal with colour.

It expects a Linux server with bash, journalctl from systemd, and curl; the author says it has been tested on Amazon Linux 2023, Ubuntu 22.04, and CentOS 8. Usage is simple: clone the repo, make log-analyzer.sh executable, and run it with no arguments for the default 24-hour window, or pass a number such as 1 for the last hour.

A large part of the README is a teaching walkthrough of the commands behind the script: journalctl with priority filters, grep with extended regex, awk for picking fields out of log lines, sort, uniq -c, and find with -mmin. The README also shows how to run the script from a cron job every morning, includes a sample output block, and ends with the author's note that within hours of launching an EC2 instance the script caught 86 SSH attempts from a single IP.
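The grep/awk/sort/uniq pipeline the walkthrough teaches, as an added example: this is not the repository's log-analyzer.sh and not the author's code. It runs over constructed sshd and journal lines so it works offline; the journalctl invocations in the comments are what you would feed it on a live host. The function names, the sample host, the RFC 5737 addresses and the brute-force threshold of 3 are all assumptions made here.

```bash
#!/usr/bin/env bash
# Added example, not the repository's log-analyzer.sh. It reproduces the
# grep/awk/sort/uniq pipeline the README teaches, over constructed input so
# it runs offline. On a live host feed it journal output instead, e.g.:
#   journalctl _COMM=sshd --since "24 hours ago" -o short-iso --no-pager | rank_attacker_ips
#   journalctl -p err    --since "24 hours ago" -o short-iso --no-pager | count_error_keywords
set -eu

# Constructed sshd journal lines in journalctl's short-iso format (not
# captured from a real host; addresses are RFC 5737 documentation ranges).
sample_auth_log() {
  cat <<'EOF'
2024-05-01T03:14:07+0000 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51822 ssh2
2024-05-01T03:14:09+0000 web1 sshd[2213]: Failed password for root from 203.0.113.9 port 51830 ssh2
2024-05-01T03:14:12+0000 web1 sshd[2215]: Failed password for invalid user oracle from 203.0.113.9 port 51844 ssh2
2024-05-01T03:20:41+0000 web1 sshd[2301]: Failed password for root from 198.51.100.17 port 40022 ssh2
2024-05-01T03:21:02+0000 web1 sshd[2305]: Accepted publickey for deploy from 192.0.2.10 port 60110 ssh2: ED25519 SHA256:k9sVx
2024-05-01T03:22:15+0000 web1 sshd[2310]: Invalid user admin from 198.51.100.17 port 40050
EOF
}

# Constructed non-SSH journal lines for the error-keyword count.
sample_journal() {
  cat <<'EOF'
2024-05-01T02:58:00+0000 web1 nginx[1188]: [error] 1188#1188: *44 connect() failed (111: Connection refused) while connecting to upstream
2024-05-01T03:00:11+0000 web1 systemd[1]: Failed to start Daily apt upgrade and clean activities.
2024-05-01T03:05:30+0000 web1 kernel: EXT4-fs error (device nvme0n1p1): ext4_find_entry:1463: inode #2: reading directory lblock 0
2024-05-01T03:07:02+0000 web1 postgres[1402]: FATAL:  password authentication failed for user "app"
EOF
}

# Rank source IPs by failed-password count, busiest first. awk searches for
# the "from" token instead of using a fixed column because the "invalid user"
# variant of the message has two extra fields before the address.
rank_attacker_ips() {
  { grep -E 'Failed password' || true; } \
    | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); break } }' \
    | sort | uniq -c | sort -k1,1nr -k2,2
}

# Usernames tried, from "Failed password" lines only: sshd also logs
# "Invalid user X" for the same attempt, so matching both would double-count.
rank_tried_usernames() {
  { grep -E 'Failed password' || true; } \
    | awk '{ for (i = 1; i <= NF; i++) if ($i == "for") {
               u = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1); print u; break } }' \
    | sort | uniq -c | sort -k1,1nr -k2,2
}

# Print IPs with at least $1 failures (default 3, an assumed threshold;
# pick one that fits the host's normal traffic).
flag_brute_force() {
  rank_attacker_ips | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# Count whole-word hits of error/fatal/failed, case-folded. "failed" is
# noisy (every sshd failure matches too), so treat this as a triage list.
count_error_keywords() {
  { grep -Eiow 'error|fatal|failed' || true; } \
    | tr '[:upper:]' '[:lower:]' | sort | uniq -c | sort -k1,1nr -k2,2
}

# Stand-alone run over the constructed samples.
echo "== attacker IPs =="; sample_auth_log | rank_attacker_ips
echo "== usernames tried =="; sample_auth_log | rank_tried_usernames
echo "== brute-force sources (>=3) =="; sample_auth_log | flag_brute_force 3
echo "== error keywords =="; sample_journal | count_error_keywords
```

On the constructed input the first section ranks 203.0.113.9 (3 failures) above 198.51.100.17 (1), and only the former crosses the threshold. To mirror the README's cron setup, a crontab line such as `0 7 * * * /opt/log-analyzer/log-analyzer.sh > /var/log/log-analyzer.out 2>&1` (path hypothetical) runs it every morning; remember the journal-permission caveat above when choosing the crontab's user.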
Generated 2026-05-22 · Model: sonnet-4-6 · Verify against the repo before relying on details.