Shell script that monitors the Linux secure log, detects abnormal SSH logins, and sends alerts through a public mailbox

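#!/bin/bash

# Configure mailx to send through an external SMTP server. Replace the
# upper-case placeholders: sender address (may be a public mailbox), outgoing
# SMTP server, public mailbox account and mailbox password.
# The settings are appended only once, so repeated runs do not duplicate them.
# /etc/mail.rc then holds the SMTP password in clear text; restrict who can read it.
if ! grep -q '^set smtp-auth-user=' /etc/mail.rc 2>/dev/null; then
    echo "set from=SENDER_ADDRESS smtp=SMTP_SERVER" >> /etc/mail.rc
    echo "set smtp-auth-user=MAILBOX_ADDRESS smtp-auth-password=MAILBOX_PASSWORD smtp-auth=login" >> /etc/mail.rc
fi

# Count failed logins per source IP and store them as "IP=count".
mkdir -p /root/satools
awk '/Failed/{print $(NF-3)}' /var/log/secure | sort | uniq -c | awk '{print $2"="$1}' > /root/satools/black.txt

# Alert on any IP with more than this many failures.
DEFINE="3"

while IFS='=' read -r IP NUM
do
    if [ "$NUM" -gt "$DEFINE" ]; then
        mail_ip="$IP the num $NUM"
        echo "$mail_ip" | mail -s "the ip is bad" RECIPIENT_ADDRESS
    fi
done < /root/satools/black.txt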
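
The counting step above, run over sample log lines. This is an added example, not part of the original script: the function names, host name, and log lines are constructed for illustration, and it matches only sshd failure lines ending in "from ADDR port N ssh2" instead of every line containing "Failed".

```bash
#!/bin/bash
# Added example, not the original author's script.

# Constructed sample of /var/log/secure (documentation addresses, made-up host).
sample_secure_log() {
    cat <<'EOF'
Mar  3 10:15:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 50522 ssh2
Mar  3 10:15:03 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 50522 ssh2
Mar  3 10:15:06 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 50530 ssh2
Mar  3 10:15:09 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 50541 ssh2
Mar  3 10:16:00 web01 sshd[2110]: Failed password for deploy from 198.51.100.23 port 41000 ssh2
Mar  3 10:16:30 web01 sshd[2112]: Accepted password for deploy from 198.51.100.23 port 41002 ssh2
Mar  3 10:17:00 web01 sshd[2120]: error: Failed to allocate internet-domain X11 display socket.
EOF
}

# count_failed_ssh LIMIT [LOGFILE...]  (hypothetical helper name)
# Prints "address=count" for every source with more than LIMIT failures.
# Reads standard input when no LOGFILE is given.
count_failed_ssh() {
    limit=$1
    shift
    awk -v limit="$limit" '
        # Keep only sshd authentication failures that end in
        # "from ADDR port N ssh2". A bare /Failed/ match also catches lines
        # such as the X11 error in the sample and counts a non-address field.
        NF >= 5 && / sshd(\[[0-9]+\])?: Failed / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9A-Fa-f:.]+$/ { count[$(NF-3)]++ }
        END { for (a in count) if (count[a] > limit + 0) print a "=" count[a] }
    ' "$@" | sort
}

# Same threshold as DEFINE in the script: more than 3 failures.
sample_secure_log | count_failed_ssh 3
```
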
