Showing preview only (238K chars total). Download the full file or copy to clipboard to get everything.
Repository: YosfanEilay/AuthLogParser
Branch: main
Commit: 4f0647677fc5
Files: 26
Total size: 225.9 KB
Directory structure:
gitextract_1xx4zayr/
├── 01-Logs/
│ └── MasterParser-Example-auth.log
├── 02-LogModules/
│ └── Auth.Log/
│ ├── 01-LogCopy/
│ │ └── CreateLogCopy.ps1
│ ├── 02-TimePatch/
│ │ └── 01-TimePatch.ps1
│ ├── 03-Features/
│ │ ├── 01-file_summary_report.ps1
│ │ ├── 02-event_name_table.ps1
│ │ ├── 03-ip_address_table.ps1
│ │ ├── 04-regex_search_engine.ps1
│ │ ├── 05-system_login_calculation.ps1
│ │ ├── 06-ssh_login_calculation.ps1
│ │ ├── 07-ssh_brute_force_detector.ps1
│ │ ├── 08-ftp_brute_force_detector.ps1
│ │ └── 09-final_output.ps1
│ └── Auth.Log.ps1
├── 03-Options/
│ ├── 00-Banner.ps1
│ ├── 01-Update.ps1
│ ├── 02-auto_update_check.ps1
│ ├── 03-Menu.ps1
│ ├── 04-Purge.ps1
│ └── 05-functions.ps1
├── LICENSE
├── MasterParser Training/
│ └── 02 - Exercises and Scenarios to investigate/
│ ├── 01 - FTP Brute-Force Attack/
│ │ └── Auth.Log FTP Brute-Force Attack
│ ├── 02 - The Disgruntled Employee/
│ │ └── Auth.Log The Disgruntled Employee.txt
│ ├── 03 - Why The Server is Unavailable/
│ │ └── Auth.Log Why The Server is Unavailable
│ └── 04 - Reconnaissance Activity/
│ └── Auth.Log Reconnaissance Activity
├── MasterParser.ps1
└── README.md
================================================
FILE CONTENTS
================================================
================================================
FILE: 01-Logs/MasterParser-Example-auth.log
================================================
Dec 10 00:17:01 eilay-desktop CRON[75966]: pam_unix(cron:session): session opened for user root by (uid=0)
# # # # Example-Description: Successful SSH
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for eilay from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for eilay from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for eilay from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Hacker from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Hacker from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Hacker from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Hacker from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Test from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Test from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Test from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Test from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for Test from 192.168.2.10 port 65107 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1074]: Accepted password for VeryLongUserName from 192.168.2.10 port 65107 ssh2
# # # # Example-Description: Successful publickey SSH
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for eilay from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for eilay from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for eilay from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for eilay from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for eilay from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Hacker from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Hacker from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Hacker from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Hacker from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Hacker from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for VeryLongUserName from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
Dec 10 14:11:49 eilay-desktop sshd[21670]: Accepted publickey for Test from 192.168.2.14 port 61006 ssh2: RSA SHA256:Jfy3RVGpdSaSsNkUfrN589155so7C9KwDxTS12339EI
# # # # Example-Description: Failed SSH logins
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for eilay from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for eilay from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for eilay from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for eilay from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for Hacker from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for Hacker from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for Hacker from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for VeryLongUserName from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for VeryLongUserName from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for VeryLongUserName from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for VeryLongUserName from 192.168.2.10 port 64853 ssh2
Dec 10 14:11:49 eilay-desktop sshd[1094]: Failed password for Test from 192.168.2.10 port 64853 ssh2
# # # # Example-Description: Adding a user to the system
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Max, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Max, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Max, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Hacker, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Hacker, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Hacker, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Test, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Test, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=Test, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=VeryLongUserName, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=VeryLongUserName, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
Dec 10 14:11:49 eilay-desktop useradd[2571]: new user: name=VeryLongUserName, UID=1001, GID=1001, home=/home/Max, shell=/bin/sh, from=/dev/pts/0
# # # # Example-Description: Deleting a user from the system
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'Max'
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'Max'
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'Max'
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'Hacker'
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'Hacker'
Dec 10 14:11:49 eilay-desktop userdel[2531]: delete user 'VeryLongUserName'
# # # # Example-Description: User password changes
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Max
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Max
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Hacker
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Hacker
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Test
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for Test
Dec 10 14:11:49 eilay-desktop passwd[2639]: pam_unix(passwd:chauthtok): password changed for VeryLongUserName
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'Max' password
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'Hacker' password
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'Hacker' password
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'Test' password
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'VeryLongUserName' password
Dec 10 14:11:49 eilay-desktop usermod[2248]: change user 'VeryLongUserName' password
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Max
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Max
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Hacker
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Hacker
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Test
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for Test
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for VeryLongUserName
Dec 10 14:11:49 eilay-desktop chpasswd[2301]: pam_unix(chpasswd:chauthtok): password changed for VeryLongUserName
# # # # Example-Description: User password Expire
Dec 10 14:11:49 eilay-desktop chage[2329]: changed password expiry for Max
Dec 10 14:11:49 eilay-desktop chage[2329]: changed password expiry for Hacker
Dec 10 14:11:49 eilay-desktop chage[2329]: changed password expiry for Test
Dec 10 14:11:49 eilay-desktop chage[2329]: changed password expiry for VeryLongUserName
# # # # Example-Description: Group creation
Dec 10 14:11:49 eilay-desktop groupadd[2711]: new group: name=TheHackers, GID=1002
Dec 10 14:11:49 eilay-desktop groupadd[2711]: new group: name=APT-32, GID=1002
Dec 10 14:11:49 eilay-desktop groupadd[2711]: new group: name=KARMA, GID=1002
Dec 10 14:11:49 eilay-desktop groupadd[2711]: new group: name=DeadCow, GID=1002
# # # # Example-Description: Group deletion
Dec 10 14:11:49 eilay-desktop groupdel[2731]: group 'TheHackers' removed
Dec 10 14:11:49 eilay-desktop groupdel[2731]: group 'APT-32' removed
Dec 10 14:11:49 eilay-desktop groupdel[2731]: group 'KARMA' removed
Dec 10 14:11:49 eilay-desktop groupdel[2731]: group 'DeadCow' removed
# # # # Example-Description: User added to a group
Dec 10 14:11:49 eilay-desktop usermod[2806]: add 'Hacker' to group 'TheHackers'
Dec 10 14:11:49 eilay-desktop usermod[2806]: add 'JohnWick' to group 'APT-32'
Dec 10 14:11:49 eilay-desktop usermod[2806]: add 'MikeTyson' to group 'KARMA'
Dec 10 14:11:49 eilay-desktop usermod[2806]: add 'KevinMitnick' to group 'DeadCow'
# # # # Example-Description: User removed from a group
Dec 10 14:11:49 eilay-desktop gpasswd[2833]: user Hacker removed by root from group TheHackers
Dec 10 14:11:49 eilay-desktop gpasswd[2833]: user JohnWick removed by root from group APT-32
Dec 10 14:11:49 eilay-desktop gpasswd[2833]: user MikeTyson removed by root from group KARMA
Dec 10 14:11:49 eilay-desktop gpasswd[2833]: user KevinMitnick removed by root from group DeadCow
# # # # Example-Description: Changing user information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'Hacker' information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'Hacker' information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'MikeTyson' information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'KevinMitnick' information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'JohnWick' information
Dec 10 14:11:49 eilay-desktop chfn[2374]: changed user 'eilay' information
# # # # Example-Description: Power Button
Dec 10 14:11:49 eilay-desktop systemd-logind[633]: Watching system buttons on /dev/input/event0 (Power Button)
Dec 10 14:11:49 eilay-desktop systemd-logind[633]: Watching system buttons on /dev/input/event1 (Power Button)
Dec 10 14:11:49 eilay-desktop systemd-logind[633]: Watching system buttons on /dev/input/event0 (Power Button)
Dec 10 14:11:49 eilay-desktop systemd-logind[633]: Watching system buttons on /dev/input/event1 (Power Button)
# # # # Example-Description: Session opened for user
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by eilay(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by eilay(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by Hacker(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by Hacker(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by VeryLongUserName(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by VeryLongUserName(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by VeryLongUserName(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by MikeTyson(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by MikeTyson(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by MikeTyson(uid=0)
Dec 10 14:11:49 eilay-desktop sudo: pam_unix(sudo:session): session opened for user root by MikeTyson(uid=0)
# # # # Example-Description: Elevated commands executions
Dec 10 14:11:49 eilay-desktop sudo: eilay : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/bin/su
Dec 10 14:11:49 eilay-desktop sudo: eilay : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/dev/sda
Dec 10 14:11:49 eilay-desktop sudo: Hacker : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/sbin/adduser
Dec 10 14:11:49 eilay-desktop sudo: eilay : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/sbin/deluser
Dec 10 14:11:49 eilay-desktop sudo: root : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/nano /etc/vsftpd.conf
Dec 10 14:11:49 eilay-desktop sudo: root : TTY=pts/1 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/bin/nano /root/.bashrc
Dec 10 14:11:49 eilay-desktop sudo: eilay : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/bin/timedatectl set-timezone Asia/Jerusalem
Dec 10 14:11:49 eilay-desktop sudo: Hacker : TTY=pts/1 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/ls /var/log/ufw*
Dec 10 14:11:49 eilay-desktop sudo: Hacker : TTY=pts/1 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/systemctl restart rsyslog
Dec 10 14:11:49 eilay-desktop sudo: MikeTyson : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/nano /etc/vsftpd.conf
Dec 10 14:11:49 eilay-desktop sudo: MikeTyson : TTY=pts/4 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/systemctl restart vsftpd
Dec 10 14:11:49 eilay-desktop sudo: VeryLongUserName : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/sbin/usermod
Dec 10 14:11:49 eilay-desktop sudo: VeryLongUserName : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/bin/su
Dec 10 14:11:49 eilay-desktop sudo: VeryLongUserName : TTY=pts/0 ; PWD=/home/eilay ; USER=root ; COMMAND=/usr/bin/su
# # # # Example-Description: FTP authentication failures formats
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=eilay rhost=::ffff:192.168.2.10 user=eilay
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Hacker rhost=::ffff:192.168.2.10 user=Hacker
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Hacker rhost=::ffff:192.168.2.10 user=Hacker
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Hacker rhost=::ffff:192.168.2.10 user=Hacker
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Hacker rhost=::ffff:192.168.2.10 user=Hacker
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=MikeTyson rhost=::ffff:192.168.2.10 user=MikeTyson
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=MikeTyson rhost=::ffff:192.168.2.10 user=MikeTyson
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=MikeTyson rhost=::ffff:192.168.2.10 user=MikeTyson
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=MikeTyson rhost=::ffff:192.168.2.10 user=MikeTyson
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=MikeTyson rhost=::ffff:192.168.2.10 user=MikeTyson
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=VeryLongUserName rhost=::ffff:192.168.2.10 user=VeryLongUserName
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=VeryLongUserName rhost=::ffff:192.168.2.10 user=VeryLongUserName
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=VeryLongUserName rhost=::ffff:192.168.2.10 user=VeryLongUserName
Dec 10 14:11:49 eilay-desktop vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Dec 10 14:11:49 eilay-desktop vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Dec 10 14:11:49 eilay-desktop vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Dec 10 14:11:49 eilay-desktop vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Dec 10 14:11:49 eilay-desktop vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Dec 10 14:11:49 eilay-desktop vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
================================================
FILE: 02-LogModules/Auth.Log/01-LogCopy/CreateLogCopy.ps1
================================================
# get the location of where the script was executed from.
$ScriptLocationPath = $RunningPath
# get the location of the original auth.log file
$AuthLogPath = "$RunningPath\01-Logs\$Log"
# auth.log copy location
$AuthLogCopyLocation = "$ScriptLocationPath\02-LogModules\Auth.Log\01-LogCopy\Auth.Log.Parser.Copy.txt"
# create a copy of the Auth.Log file
Copy-Item -Path $AuthLogPath -Destination $AuthLogCopyLocation
# variable to get auth.log content.
$AuthLogContent = Get-Content $AuthLogCopyLocation
# array to store modified lines
$ModifiedLines = @()
# foreach loop to iterate through lines of the auth.log file.
foreach ($SingleLine in $AuthLogContent) {
# replace 2 spaces in each line to 1 space
$ModifiedLine = $SingleLine -replace ' ',' '
# add the modified line to the array
$ModifiedLines += $ModifiedLine
}
# save the modified lines to the new file
$ModifiedLines | Out-File -FilePath $AuthLogCopyLocation -Force
================================================
FILE: 02-LogModules/Auth.Log/02-TimePatch/01-TimePatch.ps1
================================================
# get the location of where the script was executed from.
$ScriptLocationPath = $RunningPath
# get the location of the original auth.log file
$AuthLogPath = "$RunningPath\01-Logs\$Log"
# auth.log copy location
$AuthLogCopyLocation = "$ScriptLocationPath\02-LogModules\Auth.Log\01-LogCopy\Auth.Log.Parser.Copy.txt"
# if $AuthLogCopyLocation is already exist, delete it
if (Test-Path -Path $AuthLogCopyLocation) {
Remove-Item -Path $AuthLogCopyLocation -Force -ErrorAction SilentlyContinue | Out-Null
}
# create a copy of the Auth.Log file
Copy-Item -Path $AuthLogPath -Destination $AuthLogCopyLocation
# variable to get auth.log content.
$AuthLogContent = Get-Content -Head 1 -Path $AuthLogCopyLocation
# Check if TimePatch is needed
if ($AuthLogContent -match '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}') {
# variable to get auth.log content.
$AuthLogContent = Get-Content $AuthLogCopyLocation
# Loop through each line and convert date format
$ModifiedLines = foreach ($line in $AuthLogContent) {
# Split the line into timestamp and rest of the line
$timestamp, $rest = $line -split ' ', 2
# Extract date and time components
$date = $timestamp.Substring(0, 10)
$time = $timestamp.Substring(11, 8)
# Format date and time
$formattedDate = [datetime]::ParseExact($date, 'yyyy-MM-dd', $null).ToString('MMM dd')
$formattedTime = $time
# Join the formatted date, time, and the rest of the line
$formattedDate + ' ' + $formattedTime + ' ' + $rest
}
# Save the modified lines to the new file
$ModifiedLines | Set-Content -Path $AuthLogCopyLocation -Force
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/01-file_summary_report.ps1
================================================
# start time
if ($Mode -eq "Developer") {
$file_summary_report_start_time = start_time
}
# starting variables
#region
$auth_log_path = "$RunningPath\02-LogModules\Auth.Log\01-LogCopy\Auth.Log.Parser.Copy.txt"
#endregion
# hostname
#region
$temp_line = Get-Content -Head 1 -Path $auth_log_path
$remove_start = $temp_line -replace '\b[a-zA-Z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\b ',''
$hostname = $remove_start -replace ' .*',''
#endregion
# file size
#region
# Get the file size
$fileSize = (Get-Item $auth_log_path).Length
if ($fileSize -lt 1KB) {
$log_size = "$fileSize bytes"
}
elseif ($fileSize -lt 1MB) {
$fileSizeKB = [math]::Round($fileSize / 1KB, 2)
$log_size = "$fileSizeKB KB"
}
elseif ($fileSize -lt 1GB) {
$fileSizeMB = [math]::Round($fileSize / 1MB, 2)
$log_size = "$fileSizeMB MB"
}
else {
$fileSizeGB = [math]::Round($fileSize / 1GB, 2)
$log_size = "$fileSizeGB GB"
}
#endregion
# start and end time
#region
$temp_line = Get-Content -Head 1 -Path $auth_log_path
$start_time = $temp_line -replace " $hostname.*",""
$start_time = $start_time -replace ' ',' '
$temp_line = Get-Content -Tail 1 -Path $auth_log_path
$end_time = $temp_line -replace " $hostname.*",""
$end_time = $end_time -replace ' ',' '
# execute duration function
$full_duration_file_summary_report = duration_calc -start_time $start_time -end_time $end_time
#endregion
# file summary report tamplate
#region
Write-Output "Auth.Log File Summary Report"
Write-Output "+--------------------------+"
if ($WasExtracted -eq "True") {
Write-Output "Log Name: $Log (Extracted From: $GZipName)"
}
else {
Write-Output "Log Name: $Log"
}
Write-Output "Hostname: $hostname"
Write-Output "Log Size: $log_size"
Write-Output "Start Time: $start_time"
Write-Output "End Time: $end_time"
Write-Output "Duration: $full_duration_file_summary_report"
#endregion
# run time
if ($Mode -eq "Developer") {
$file_summary_report_run_time = stop_time -start_time $file_summary_report_start_time
$file_summary_report_run_time
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/02-event_name_table.ps1
================================================
# start time
if ($Mode -eq "Developer") {
$event_name_table_start_time = start_time
}
# Hashtable to store the 5th word
$5th_word_table = @{}
# Regular expression pattern to match the fifth word
$pattern = '\S+\s+\S+\s+\S+\s+\S+\s+(\S+)'
# Get the content of the file directly using switch statement
switch -Regex -File "$RunningPath\02-LogModules\Auth.Log\01-LogCopy\Auth.Log.Parser.Copy.txt" {
$pattern {
$5th_word = $matches[1] -replace '\[.*\]|\:',''
if ($5th_word_table.ContainsKey($5th_word)) {
$5th_word_table[$5th_word]++
} else {
$5th_word_table[$5th_word] = 1
}
}
}
# Transform the hashtable into an array of custom objects for easier formatting
$5th_word_table_Fixed = $5th_word_table.GetEnumerator() | Sort-Object Value -Descending | ForEach-Object {
[pscustomobject]@{
"Event Name" = $_.Key
"Count" = $_.Value
}
}
# Output the result
Write-Output ""
$5th_word_table_Fixed | Format-Table -Property "Event Name", "Count" | Out-String -Width 50 | ForEach-Object { $_.Trim() }
# run time
if ($Mode -eq "Developer") {
$event_name_table_run_time = stop_time -start_time $event_name_table_start_time
$event_name_table_run_time
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/03-ip_address_table.ps1
================================================
# start time
if ($Mode -eq "Developer") {
$ip_address_table_start_time = start_time
}
# Hashtable to store the cleaned IP addresses
$IPHashTable = @{}
# Regular expression pattern to match both IPv4 and IPv6 addresses
$IPPattern = '\b(?:\d{1,3}\.){3}\d{1,3}\b|\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b'
# Get the content of the file directly using switch statement
switch -Regex -File "$RunningPath\02-LogModules\Auth.Log\01-LogCopy\Auth.Log.Parser.Copy.txt" {
$IPPattern {
# Extract the IP address from the line
$IPAddress = $matches[0]
# Clean the IP address
$CleanIP = $IPAddress -replace ".*\=|\(|.*\[|\)|\]|\:.*",""
# Update the hashtable
if ($IPHashTable.ContainsKey($CleanIP)) {
$IPHashTable[$CleanIP]++
} else {
$IPHashTable[$CleanIP] = 1
}
}
}
# Check if there are any IP addresses in the hashtable
if ($IPHashTable.Count -ge 1) {
# Flag indicating IP addresses are present
$IPHashTableFlag = "True"
# Output the cleaned IP addresses
Write-Output ""
$IPHashTable.GetEnumerator() | Sort-Object Value -Descending | ForEach-Object {
[pscustomobject]@{
"IP Address" = $_.Key
"Count" = $_.Value
}
} | Format-Table -Property "IP Address", "Count" | Out-String -Width 50 | ForEach-Object { $_.Trim() }
} else {
# If no IP addresses are found
$IPHashTableFlag = "False"
}
# run time
if ($Mode -eq "Developer") {
$ip_address_table_run_time = stop_time -start_time $ip_address_table_start_time
$ip_address_table_run_time
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/04-regex_search_engine.ps1
================================================
# start time
if ($Mode -eq "Developer") {
$regex_search_engine_start_time = start_time
}
# regex search engine
#region
# read the content of the log file
$log_content = Get-Content -Path $AuthLogCopyLocation
# main hashtable
$main = @{
"successful_ssh" = @()
"successful_publickey_ssh" = @()
"ssh_disconnections_postauth" = @()
"valid_users_failed_ssh" = @()
"invalid_users_failed_ssh" = @()
"ssh_maxstartups" = @()
"user_login" = @()
"user_logout" = @()
"user_creation" = @()
"user_deletion" = @()
"password_change" = @()
"group_creation" = @()
"group_deletion" = @()
"user_add_to_group" = @()
"user_removed_from_group" = @()
"user_information_changed" = @()
"root_session_opened" = @()
"root_session_closed" = @()
"elevated_commands_executions" = @()
"no_sudo_permission" = @()
"ftp" = @()
# outsource lists
"system_logins_calc" = @()
"ssh_logins_calc" = @()
}
# main patterns list
$patterns = @(
#ssh
@(
"sshd.*Accepted password for",
"sshd.*Accepted publickey for",
"sshd.*Failed password for(?!.*invalid)",
"sshd.*Failed password for invalid user"
"sshd.*Received disconnect.*port(?!.*\[preauth\])",
"sshd.*MaxStartups"
),
#ftp
@(
"vsftpd.*authentication failure"
),
#users groups
@(
"useradd.*new user\: name\=",
"userdel.*delete user",
"groupadd.*new group\: name\=",
"groupdel.*group.*removed",
"usermod.*add.*to group",
"gpasswd.*user.*removed by",
"chfn.*changed user.*information"
),
#user system logins
@(
"systemd-logind.*New session.*of user",
"systemd-logind.*Removed session"
),
#passwords
@(
"passwd.*\(passwd.*password changed for",
"usermod.*change user",
"chpasswd.*\(chpasswd.*password changed for"
),
#elevated activity
@(
"su\:.*session opened for user",
"su.*su:session.*session closed for user",
"(sudo|su)\:.*COMMAND\=",
"user NOT in sudoers.*COMMAND"
)
)
# Flatten the $patterns array
$flattenedPatterns = $patterns | ForEach-Object { $_ }
# Dynamically construct the combined pattern
$combined_pattern = [regex]::new("(" + ($flattenedPatterns -join "|") + ")")
# Loop through each line and match against the combined pattern
foreach ($line in $log_content) {
if ($combined_pattern.IsMatch($line)) {
$matchedText = $combined_pattern.Match($line).Value
switch -Regex ($matchedText) {
#ssh
$patterns[0][0] { $main["successful_ssh"] += $line }
$patterns[0][1] { $main["successful_publickey_ssh"] += $line }
$patterns[0][2] { $main["valid_users_failed_ssh"] += $line }
$patterns[0][3] { $main["invalid_users_failed_ssh"] += $line }
$patterns[0][4] { $main["ssh_disconnections_postauth"] += $line }
$patterns[0][5] { $main["ssh_maxstartups"] += $line }
#ftp
$patterns[1][0] { $main["ftp"] += $line }
#users_groups
$patterns[2][0] { $main["user_creation"] += $line }
$patterns[2][1] { $main["user_deletion"] += $line }
$patterns[2][2] { $main["group_creation"] += $line }
$patterns[2][3] { $main["group_deletion"] += $line }
$patterns[2][4] { $main["user_add_to_group"] += $line }
$patterns[2][5] { $main["user_removed_from_group"] += $line }
$patterns[2][6] { $main["user_information_changed"] += $line }
#user_system_logins
$patterns[3][0] { $main["user_login"] += $line }
$patterns[3][1] { $main["user_logout"] += $line }
#passwords
$patterns[4][0] { $main["password_change"] += $line }
$patterns[4][1] { $main["password_change"] += $line }
$patterns[4][2] { $main["password_change"] += $line }
#elevated_activity
$patterns[5][0] { $main["root_session_opened"] += $line }
$patterns[5][1] { $main["root_session_closed"] += $line }
$patterns[5][2] { $main["elevated_commands_executions"] += $line }
$patterns[5][3] { $main["no_sudo_permission"] += $line }
}
}
}
#endregion
# run time
if ($Mode -eq "Developer") {
$regex_search_engine_run_time = stop_time -start_time $regex_search_engine_start_time
Write-Output ""
Write-Output "regex_search_engine_run_time: $regex_search_engine_run_time"
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/05-system_login_calculation.ps1
================================================
if ($main["user_login"].Count -ge 1 -and $main["user_logout"].Count -ge 1) {
# login hashtable
$login_hashtable = @{}
foreach ($event in $main["user_login"]) {
$session_id = $event -replace '.*New session ','' -replace ' of user.*',''
$login_hashtable[$session_id] += $event
}
# logout hashtable
$logout_hashtable = @{}
foreach ($event in $main["user_logout"]) {
$session_id = $event -replace '.*Removed session ','' -replace '\.',''
$logout_hashtable[$session_id] += $event
}
# lists
$username_list = @()
$login_session_id_list = @()
$start_time_list = @()
$end_time_list = @()
$duration_calc_login_list = @()
# code logic - is there a session number maching ?
foreach ($login_session_id in $login_hashtable.Keys) {
$matchFound = $false
foreach ($logout_session_id in $logout_hashtable.Keys) {
if ($login_session_id -eq $logout_session_id) {
$matchFound = $true
$login_log = $login_hashtable[$login_session_id]
$logout_log = $logout_hashtable[$logout_session_id]
$username = $login_log -replace '.*New session.*of user ','' -replace '\.',''
$username_list += $username
$login_session_id_list += $login_session_id
$start_time = $login_log -replace " $hostname.*",""
$start_time_list += $start_time
$end_time = $logout_log -replace " $hostname.*",""
$end_time_list += $end_time
$duration_calc_login = duration_calc -start_time $start_time -end_time $end_time
$duration_calc_login_list += $duration_calc_login
}
}
}
$usr_max_char = ($username_list | Measure-Object -Maximum -Property Length).Maximum
$sid_max_char = ($login_session_id_list | Measure-Object -Maximum -Property Length).Maximum
$sta_max_char = ($start_time_list | Measure-Object -Maximum -Property Length).Maximum
$end_max_char = ($end_time_list | Measure-Object -Maximum -Property Length).Maximum
$dur_max_char = ($duration_calc_login_list | Measure-Object -Maximum -Property Length).Maximum
# code logic - is there a session number maching ?
foreach ($login_session_id in $login_hashtable.Keys) {
$matchFound = $false
foreach ($logout_session_id in $logout_hashtable.Keys) {
if ($login_session_id -eq $logout_session_id) {
$matchFound = $true
$login_log = $login_hashtable[$login_session_id]
$logout_log = $logout_hashtable[$logout_session_id]
$username = $login_log -replace '.*New session.*of user ','' -replace '\.',''
$start_time = $login_log -replace " $hostname.*",""
$end_time = $logout_log -replace " $hostname.*",""
$duration_calc_login = duration_calc -start_time $start_time -end_time $end_time
$main["system_logins_calc"] += Write-Output " Username: $($username.PadRight($usr_max_char)) | Session ID: $($login_session_id.PadRight($sid_max_char)) | Login Time: $($start_time.PadRight($sta_max_char)) | Logout Time: $($end_time.PadRight($end_max_char)) | Login Duration: $($duration_calc_login.PadRight($dur_max_char)) "
}
}
}
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/06-ssh_login_calculation.ps1
================================================
if ($main["successful_ssh"].Count -ge 1 -or $main["successful_publickey_ssh"].Count -ge 1 -and $main["ssh_disconnections_postauth"].Count -ge 1) {
# ssh_login hashtable creation
$ssh_login = @{}
# successful_publickey_ssh
foreach ($event in $main["successful_publickey_ssh"]) {
$source_port = $event -replace '.*from.*port ','' -replace ' .*',''
$ssh_login[$source_port] += $event
}
# successful_ssh
foreach ($event in $main["successful_ssh"]) {
$source_port = $event -replace '.*from.*port ','' -replace ' .*',''
$ssh_login[$source_port] += $event
}
# disconnections_ssh_hashtbale
$ssh_logout = @{}
foreach ($event in $main["ssh_disconnections_postauth"]) {
$source_port = $event -replace '.*from.*port ','' -replace '( .*|\:.*)',''
$ssh_logout[$source_port] += $event
}
# lists
$username_list = @()
$source_port_list = @()
$ip_list = @()
$start_time_list = @()
$end_time_list = @()
$duration_calc_login_list = @()
# code logic - matching login logout source ports
foreach ($login_source_port in $ssh_login.Keys) {
# flag
$matchFound = $false
foreach ($logout_source_port in $ssh_logout.Keys) {
if ($login_source_port -eq $logout_source_port) {
# flag
$matchFound = $true
# create login\logout log lines
$ssh_login_log = $ssh_login[$login_source_port]
$ssh_logout_log = $ssh_logout[$logout_source_port]
# username
$username = $ssh_login_log -replace '.*Accepted.*for ','' -replace ' from.*port.*',''
$username_list += $username
# source port
$source_port_list += $login_source_port
# ip
$ip = $ssh_login_log -replace '.*for.*from ','' -replace ' port.*',''
$ip_list += $ip
# start time
$start_time = $ssh_login_log -replace " $hostname.*",""
$start_time_list += $start_time
# end time
$end_time = $ssh_logout_log -replace " $hostname.*",""
$end_time_list += $end_time
# duration
$duration_calc_login = duration_calc -start_time $start_time -end_time $end_time
$duration_calc_login_list += $duration_calc_login
}
}
if (-not $matchFound) {
# create login\logout log lines
$ssh_login_log = $ssh_login[$login_source_port]
$ssh_logout_log = $ssh_logout[$logout_source_port]
# username
$username = $ssh_login_log -replace '.*Accepted.*for ','' -replace ' from.*port.*',''
$username_list += $username
# source port
$source_port_list += $login_source_port
# ip
$ip = $ssh_login_log -replace '.*for.*from ','' -replace ' port.*',''
$ip_list += $ip
# start time
$start_time = $ssh_login_log -replace " $hostname.*",""
$start_time_list += $start_time
}
}
# calc char max size from lists
$usr_max_char = ($username_list | Measure-Object -Maximum -Property Length).Maximum
$lsp_max_char = ($source_port_list | Measure-Object -Maximum -Property Length).Maximum
$lip_max_char = ($ip_list | Measure-Object -Maximum -Property Length).Maximum
$sta_max_char = ($start_time_list | Measure-Object -Maximum -Property Length).Maximum
$end_max_char = ($end_time_list | Measure-Object -Maximum -Property Length).Maximum
$dur_max_char = ($duration_calc_login_list | Measure-Object -Maximum -Property Length).Maximum
foreach ($login_source_port in $ssh_login.Keys) {
# flag
$matchFound = $false
foreach ($logout_source_port in $ssh_logout.Keys) {
if ($login_source_port -eq $logout_source_port) {
# flag
$matchFound = $true
# create login\logout log lines
$ssh_login_log = $ssh_login[$login_source_port]
$ssh_logout_log = $ssh_logout[$logout_source_port]
# username
$username = $ssh_login_log -replace '.*Accepted.*for ','' -replace ' from.*port.*',''
# source port
$source_port_list += $login_source_port
# ip
$ip = $ssh_login_log -replace '.*for.*from ','' -replace ' port.*',''
# start time
$start_time = $ssh_login_log -replace " $hostname.*",""
# end time
$end_time = $ssh_logout_log -replace " $hostname.*",""
# duration
$duration_calc_login = duration_calc -start_time $start_time -end_time $end_time
# output
$main["ssh_logins_calc"] += Write-Output " Username: $($username.PadRight($usr_max_char)) | Port: $($login_source_port.PadRight($lsp_max_char)) | IP: $($ip.PadRight($lip_max_char)) | Login Time: $($start_time.PadRight($sta_max_char)) | Logout Time: $($end_time.PadRight($end_max_char)) | Login Duration: $($duration_calc_login.PadRight($dur_max_char)) "
}
}
if (-not $matchFound) {
# create login\logout log lines
$ssh_login_log = $ssh_login[$login_source_port]
$ssh_logout_log = $ssh_logout[$logout_source_port]
# username
$username = $ssh_login_log -replace '.*Accepted.*for ','' -replace ' from.*port.*',''
$username_list += $username
# source port
$source_port_list += $login_source_port
# ip
$ip = $ssh_login_log -replace '.*for.*from ','' -replace ' port.*',''
$ip_list += $ip
# start time
$start_time = $ssh_login_log -replace " $hostname.*",""
$start_time_list += $start_time
# output
$main["ssh_logins_calc"] += Write-Output " Username: $($username.PadRight($usr_max_char)) | Port: $($login_source_port.PadRight($lsp_max_char)) | IP: $($ip.PadRight($lip_max_char)) | Login Time: $($start_time.PadRight($sta_max_char)) | Logout Time: $("N/A".PadRight($end_max_char)) | Login Duration: $("N/A".PadRight($dur_max_char)) "
}
}
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/07-ssh_brute_force_detector.ps1
================================================
if ($main["valid_users_failed_ssh"] -ge 1 -or $main["invalid_users_failed_ssh"]) {
# merge valid and invalid to 1 hashtable
$valid_fails = $main["valid_users_failed_ssh"]
$invalid_fails = $main["invalid_users_failed_ssh"]
$merged_hashtable = $valid_fails + $invalid_fails
# create IP profiles
$ip_profiles = @{}
$users_db = @{}
foreach ($event in $merged_hashtable) {
# extract the ip address
$ip = $event -replace '.*for.*from (.+?)\s+.*','$1'
# create a list for each IP if it doesn't exist
if (-not $ip_profiles.ContainsKey($ip)) {
$ip_profiles[$ip] = @{
"Events" = @()
"Count" = 0
}
}
# add the event to the list for the IP
$ip_profiles[$ip]["Events"] += $event
$ip_profiles[$ip]["Count"]++
}
# foreach loop to iterate the ip addresses count
foreach ($ip_address in $ip_profiles.Keys) {
$ip_count = $ip_profiles[$ip_address]["Count"]
# iterate and add sign to users for valid and invalid users
foreach ($event in $ip_profiles[$ip_address]["Events"]) {
if ($event -match "for invalid user") {
$user = $event -replace '.*for invalid user ','' -replace ' from.*port.*',''
$user = "| x $user"
}
else {
$user = $event -replace '.*password for ','' -replace ' from.*port.*',''
$user = "| v $user"
}
if ($users_db.ContainsKey($user)) {
$users_db[$user]++
}
else {
$users_db[$user] = 1
}
}
# Convert $users_db to custom objects with "User Name" and "Count" headers
$users_output = @()
foreach ($user in $users_db.Keys) {
$user_object = [pscustomobject]@{
"User Name" = $user
"SSH Fail Count" = $users_db[$user]
}
$users_output += $user_object
}
# Output the custom objects
$users_output = $users_output | Format-Table -AutoSize | Out-String #| ForEach-Object { $_ -replace '---------- --------------', '├--------- --------------' }
Write-Output ""
$users_output.Trim()
Write-Output "|"
Write-Output "└> From: $ip_address"
# Reset $users_db for the next iteration
$users_db = @{}
}
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/08-ftp_brute_force_detector.ps1
================================================
if ($main["ftp"].Count -ge 1) {
$ftp_hashtable = $main["ftp"]
# create IP profiles
$ip_profiles = @{}
$users_db = @{}
foreach ($event in $ftp_hashtable) {
# extract the ip address
$ip = $event -replace '.*rhost=::ffff:','' -replace '( user=.*|)',''
# create a list for each IP if it doesn't exist
if (-not $ip_profiles.ContainsKey($ip)) {
$ip_profiles[$ip] = @{
"Events" = @()
"Count" = 0
}
}
# add the event to the list for the IP
$ip_profiles[$ip]["Events"] += $event
$ip_profiles[$ip]["Count"]++
}
# foreach loop to iterate the ip addresses count
foreach ($ip_address in $ip_profiles.Keys) {
$ip_count = $ip_profiles[$ip_address]["Count"]
# iterate and add sign to users for valid and invalid users
foreach ($event in $ip_profiles[$ip_address]["Events"]) {
$user = $event -replace '.*ruser=','' -replace ' rhost=.*',''
$user = "| $user"
if ($users_db.ContainsKey($user)) {
$users_db[$user]++
}
else {
$users_db[$user] = 1
}
}
# Convert $users_db to custom objects with "User Name" and "Count" headers
$users_output = @()
foreach ($user in $users_db.Keys) {
$user_object = [pscustomobject]@{
"User Name" = $user
"FTP Fail Count" = $users_db[$user]
}
$users_output += $user_object
}
# Output the custom objects
$users_output = $users_output | Format-Table -AutoSize | Out-String #| ForEach-Object { $_ -replace '---------- --------------', '├--------- --------------' }
Write-Output ""
$users_output.Trim()
Write-Output "|"
Write-Output "└> From: $ip_address"
# Reset $users_db for the next iteration
$users_db = @{}
}
}
================================================
FILE: 02-LogModules/Auth.Log/03-Features/09-final_output.ps1
================================================
# start time
#region
if ($Mode -eq "Developer") {
$formatting_function_start_time = start_time
}
#endregion
# final_output
#region
function final_output {
param (
[string]$check_count,
[string]$title_name,
[string]$title_side = " - Raw Logs",
[string]$key_name,
[bool]$run_once = $false,
[bool]$top_space = $true,
[string]$add_color = "DarkGreen",
[string]$add_string_0 = $null,
[string]$add_string_1 = $null,
[string]$add_string_2 = $null,
[string]$add_string_3 = $null,
[string]$add_string_4 = $null
)
if ($check_count -ge 1) {
if ($top_space -eq $true) {
Write-Host ""
}
Write-Host "$add_string_0$title_name$title_side" -ForegroundColor $add_color
$MaxLength = ($main[$key_name] | Measure-Object Length -Maximum).Maximum
$Border = '-' * $MaxLength
if ($run_once -eq $true) {
Write-Host "$add_string_1+$Border+"
}
foreach ($Event in $main[$key_name]) {
$Event = $Event.PadRight($MaxLength)
if ($run_once -eq $false) {
Write-Host "$add_string_2+$Border+"
}
Write-Host "$add_string_3|$Event|"
}
Write-Host "$add_string_4+$Border+"
}
}
#endregion
# SSH
#region
# SSH Logins Full Output Statment
#region
# password=1 publickey=1
if ($main["successful_ssh"].Count -ge 1 -and $main["successful_publickey_ssh"].Count -ge 1) {
final_output -check_count $main["successful_ssh"].Count -title_name "Successful SSH Password Authentication" -key_name "successful_ssh" -add_string_0 "┌>"
final_output -check_count $main["successful_publickey_ssh"].Count -title_name "Successful SSH Public key Authentication" -key_name "successful_publickey_ssh" -top_space $false -add_string_0 "├>"
final_output -check_count $main["ssh_disconnections_postauth"].Count -title_name "SSH Disconnections [postauth]" -key_name "ssh_disconnections_postauth" -top_space $false -add_string_0 "└>" -add_string_1 " " -add_string_2 " " -add_string_3 " " -add_string_4 " "
final_output -check_count $main["ssh_logins_calc"].Count -title_name "SSH Logins Calculation" -key_name "ssh_logins_calc" -title_side " - Statistics" -run_once $true -top_space $false -add_string_0 " └->" -add_string_1 " " -add_string_2 " " -add_string_3 " " -add_string_4 " "
}
# password=1 publickey=0
elseif ($main["successful_ssh"].Count -ge 1 -and $main["successful_publickey_ssh"].Count -eq 0) {
final_output -check_count $main["successful_ssh"].Count -title_name "Successful SSH Password Authentication" -key_name "successful_ssh"
final_output -check_count $main["ssh_disconnections_postauth"].Count -title_name "SSH Disconnections [postauth]" -key_name "ssh_disconnections_postauth" -top_space $false -add_string_0 "└->" -add_string_2 " " -add_string_3 " " -add_string_4 " "
final_output -check_count $main["ssh_logins_calc"].Count -title_name "SSH Logins Calculation" -key_name "ssh_logins_calc" -title_side " - Statistics" -run_once $true -top_space $false -add_string_0 " └->" -add_string_1 " " -add_string_2 " " -add_string_3 " " -add_string_4 " "
}
# password=0 publickey=1
elseif ($main["successful_ssh"].Count -eq 0 -and $main["successful_publickey_ssh"].Count -ge 1) {
final_output -check_count $main["successful_publickey_ssh"].Count -title_name "Successful SSH Public key Authentication" -key_name "successful_publickey_ssh"
final_output -check_count $main["ssh_disconnections_postauth"].Count -title_name "SSH Disconnections [postauth]" -key_name "ssh_disconnections_postauth" -top_space $false -add_string_0 "└->" -add_string_2 " " -add_string_3 " " -add_string_4 " "
final_output -check_count $main["ssh_logins_calc"].Count -title_name "SSH Logins Calculation" -key_name "ssh_logins_calc" -title_side " - Statistics" -run_once $true -top_space $false -add_string_0 " └->" -add_string_1 " " -add_string_2 " " -add_string_3 " " -add_string_4 " "
}
#endregion
# SSH Failed Logins
#region
# valid=1 invalid=1
if ($main["valid_users_failed_ssh"].Count -ge 1 -and $main["invalid_users_failed_ssh"].Count -ge 1) {
final_output -check_count $main["valid_users_failed_ssh"].Count -title_name "Valid Users Failed SSH Password Authentication" -key_name "valid_users_failed_ssh" -add_string_0 "┌>"
final_output -check_count $main["invalid_users_failed_ssh"].Count -title_name "Invalid Users Failed SSH Password Authentication" -key_name "invalid_users_failed_ssh" -top_space $false -add_string_0 "├>"
}
# valid=1 invalid=0
elseif ($main["valid_users_failed_ssh"].Count -ge 1 -and $main["invalid_users_failed_ssh"].Count -eq 0) {
final_output -check_count $main["valid_users_failed_ssh"].Count -title_name "Valid Users Failed SSH Password Authentication" -key_name "valid_users_failed_ssh"
}
# valid=0 invalid=1
elseif ($main["valid_users_failed_ssh"].Count -eq 0 -and $main["invalid_users_failed_ssh"].Count -ge 1) {
final_output -check_count $main["invalid_users_failed_ssh"].Count -title_name "Invalid Users Failed SSH Password Authentication" -key_name "invalid_users_failed_ssh"
}
# Dot Sourcing -> 07-ssh_brute_force_detector.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\07-ssh_brute_force_detector.ps1"
final_output -check_count $main["ssh_maxstartups"].Count -title_name "SSH MaxStartups" -key_name "ssh_maxstartups"
#endregion
#endregion
# FTP
final_output -check_count $main["ftp"].Count -title_name "FTP Authentication Failure" -key_name "ftp"
# Dot Sourcing -> 08-ftp_brute_force_detector.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\08-ftp_brute_force_detector.ps1"
# User System Logins
final_output -check_count $main["user_login"].Count -title_name "User System Login" -key_name "user_login"
final_output -check_count $main["user_logout"].Count -title_name "User System Logout" -key_name "user_logout" -top_space $false -add_string_0 "└->" -add_string_2 " " -add_string_3 " " -add_string_4 " "
final_output -check_count $main["system_logins_calc"].Count -title_name "User System Logins Calculation" -key_name "system_logins_calc" -title_side " - Statistics" -run_once $true -top_space $false -add_string_0 " └->" -add_string_1 " " -add_string_2 " " -add_string_3 " " -add_string_4 " "
# Users Groups Activity
final_output -check_count $main["user_creation"].Count -title_name "User Creation" -key_name "user_creation"
final_output -check_count $main["user_deletion"].Count -title_name "User Deletion" -key_name "user_deletion"
final_output -check_count $main["group_creation"].Count -title_name "Group Creation" -key_name "group_creation"
final_output -check_count $main["group_deletion"].Count -title_name "Group Deletion" -key_name "group_deletion"
final_output -check_count $main["user_add_to_group"].Count -title_name "User Added To A Group" -key_name "user_add_to_group"
final_output -check_count $main["user_removed_from_group"].Count -title_name "User Removed From A Group" -key_name "user_removed_from_group"
final_output -check_count $main["user_information_changed"].Count -title_name "User Information Change" -key_name "user_information_changed"
# Passwords
final_output -check_count $main["password_change"].Count -title_name "User Password Change" -key_name "password_change"
# Elevated User Activity
final_output -check_count $main["root_session_opened"].Count -title_name "Elevated Session Opened For User Root" -key_name "root_session_opened"
final_output -check_count $main["root_session_closed"].Count -title_name "Elevated Session Closed For User Root" -key_name "root_session_closed"
final_output -check_count $main["elevated_commands_executions"].Count -title_name "Elevated Commands Executions" -key_name "elevated_commands_executions"
final_output -check_count $main["no_sudo_permission"].Count -title_name "No Permission To Use sudo" -key_name "no_sudo_permission"
# run time
#region
if ($Mode -eq "Developer") {
$formatting_function_run_time = stop_time -start_time $formatting_function_start_time
$formatting_function_run_time
}
#endregion
================================================
FILE: 02-LogModules/Auth.Log/Auth.Log.ps1
================================================
$auth_log_start_time = start_time
# NotFoundHashTable
$NotFoundHashTable = @{}
# Dot Sourcing -> 01-TimePatch.ps1
. "$RunningPath\02-LogModules\Auth.Log\02-TimePatch\01-TimePatch.ps1"
# if statment to check if TimePatch is needed
if ($CreateLogCopy_Flag -eq "True") {
# Dot Sourcing -> CreateLogCopy.ps1
. "$RunningPath\02-LogModules\Auth.Log\01-LogCopy\CreateLogCopy.ps1"
}
# Dot Sourcing -> 01-file_summary_report.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\01-file_summary_report.ps1"
# Dot Sourcing -> 02-event_name_table.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\02-event_name_table.ps1"
# Dot Sourcing -> 03-ip_address_table.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\03-ip_address_table.ps1"
# Dot Sourcing -> 04-regex_search_engine.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\04-regex_search_engine.ps1"
# Dot Sourcing -> 05-system_login_calculation.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\05-system_login_calculation.ps1"
# Dot Sourcing -> 06-ssh_login_calculation.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\06-ssh_login_calculation.ps1"
# Dot Sourcing -> 09-final_output.ps1
. "$RunningPath\02-LogModules\Auth.Log\03-Features\09-final_output.ps1"
Write-Output ""
Write-Output ""
Write-Output " - End of '$Log' Report -"
Write-Output ""
Write-Output ""
# delete the auth.log copty after using it.
Remove-Item -Path $AuthLogCopyLocation
# if the log file was extracted from a GZip file, remove it.
if ($WasExtracted -eq "true") {
Remove-Item -Path "$RunningPath\01-Logs\$Log"
}
$auth_log_run_time = stop_time -start_time $auth_log_start_time
================================================
FILE: 03-Options/00-Banner.ps1
================================================
# Dot Sorcing -> 02-AutoUpdateCheck.ps1
. "$RunningPath\03-Options\02-auto_update_check.ps1"
# ParserMaster Banner
Write-Output " __ ___ __"
Write-Output " / |/ /___ ______/ /____ _____"
Write-Output ' / /|_/ / __ `/ ___/ __/ _ \/ ___/'
Write-Output " / / / / /_/ (__ ) /_/ __/ /"
Write-Output "/_/ /_/\__,_/____/\__/\___/_/"
Write-Output " ____"
Write-Output " / __ \____ ______________ _____"
Write-Output ' / /_/ / __ `/ ___/ ___/ _ \/ ___/'
Write-Output " / ____/ /_/ / / (__ ) __/ /"
Write-Output "/_/ \__,_/_/ /____/\___/_/"
Write-Output ""
Write-Output "GitHub.com/securityjoes/MasterParser"
Write-Output " Author: Eilay Yosfan"
Write-Output ""
if ($ConnectionFlag -eq "True") {
# if statment to comper versions
if ($CurrentVersion -eq $Latestversion) {
Write-Output " This is the latest version $CurrentVersion"
Write-Output " No update is required."
}
else {
Write-Output " Update Available!"
Write-Output " You are using version $CurrentVersion"
Write-Output " The latest version is $latestVersion"
Write-Output " Update is required."
}
}
else {
Write-Output " Version: $CurrentVersion"
}
================================================
FILE: 03-Options/01-Update.ps1
================================================
# check if there is MasterParser.zip under the $RunningPath, if yes, delete it.
if (Test-Path -Path $RunningPath\MasterParser.zip) {
Remove-Item -Path $RunningPath\MasterParser.zip -Force -ErrorAction SilentlyContinue
}
# process title
Write-Output "MasterParser Update Process"
Write-Output "+--------------------------+"
Start-Sleep -Milliseconds 300
Write-Output "[*] Checking connection to GitHub."
# GitHub domain variable
$GitHub = "GitHub.com"
# test conection to GitHub domain
$ConnectionStatus = Test-Connection -ComputerName $GitHub -Count 2 -ErrorAction SilentlyContinue | Select-Object -Property *
# statment to check if the there is connection to GitHub or not
if ($ConnectionStatus) {
Start-Sleep -Milliseconds 300
Write-Output "[*] GitHub is reachable."
}
# execute this if connection to GitHub is NOT reachable
else {
Start-Sleep -Milliseconds 150
Write-Output "[!] GitHub is NOT reachable."
Start-Sleep -Milliseconds 150
Write-Output "[!] Please check your internet connection."
Start-Sleep -Milliseconds 150
Write-Output "[!] Update failed."
exit
}
# write that MasterParser-main.zip is now downloading
Start-Sleep -Milliseconds 300
Write-Output "[*] Downloading the latest MasterParser."
# invoke a web request to download the latest MasterParser ZIP file
Invoke-WebRequest https://github.com/YosfanEilay/AuthLogParser/archive/main/AuthLogParser.zip -OutFile $RunningPath\MasterParser.zip
# if statment to check if download completed successfully
if (Test-Path -Path "$RunningPath\MasterParser.zip"){
Start-Sleep -Milliseconds 300
Write-Output "[*] Download completed successfully."
}
# new file was not found after download under $RunningPath.
else {
Start-Sleep -Milliseconds 150
Write-Output "[!] New MasterParser was not found under $RunningPath"
Start-Sleep -Milliseconds 150
Write-Output "[!] Update failed."
exit
}
# variable to save all files\folders under $RunningPath\*
$MasterParserFiles = Get-Item -Path "$RunningPath\*" | Select-Object -ExpandProperty FullName
# foreach statment to iterate a removing process on all the old files\folders.
foreach ($MasterParserFile in $MasterParserFiles) {
Remove-Item -Path $MasterParserFile -Exclude ("MasterParser.zip") -Force -Recurse -WarningAction Continue -ErrorAction SilentlyContinue | Out-Null
}
# check if the remove was successful, print this if it was failed.
if (Test-Path -Path "$RunningPath\MasterParser.ps1") {
Start-Sleep -Milliseconds 150
Write-Output "[!] Removing old MasterParser was failed."
Start-Sleep -Milliseconds 150
Write-Output "[!] Update failed."
exit
}
# print this if the remove was successfull
else {
Start-Sleep -Milliseconds 150
Write-Output "[*] Old MasterParser was successfully removed."
}
# extract the content of the MasterParser.zip archive
Expand-Archive -Path "$RunningPath\MasterParser.zip" -DestinationPath $RunningPath
# check if the extraction was successfull, print this if it was successfull.
if (Test-Path -Path "$RunningPath\MasterParser-main") {
Start-Sleep -Milliseconds 150
Write-Output "[*] Extracting new MasterParser completed successfully."
}
# print this if it was failed.
else {
Start-Sleep -Milliseconds 150
Write-Output "[!] Failed to extract new MasterParser."
Start-Sleep -Milliseconds 150
Write-Output "[!] Update failed."
exit
}
# transfer all files\folders from AuthLogParser-main to MasterParser folder
Move-Item -Path "$RunningPath\MasterParser-main\*" -Destination $RunningPath
Remove-Item -Path "$RunningPath\MasterParser-main" -Force -ErrorAction SilentlyContinue
# check if the extraction of all files\folders from MasterParser-main folder was successfull, print this if it was successfull.
if (Test-Path -Path "$RunningPath\MasterParser.ps1") {
Start-Sleep -Milliseconds 150
Write-Output "[*] New MasterParser are in place."
Start-Sleep -Milliseconds 150
Write-Output "[*] Update completed successfully."
Write-Output ""
}
else {
Write-Output "[!] Some files are not in place after the update."
Start-Sleep -Milliseconds 150
Write-Output "[!] Update failed."
exit
}
# check if there is MasterParser.zip under the $RunningPath, if yes, delete it.
if (Test-Path -Path $RunningPath\MasterParser.zip) {
Remove-Item -Path $RunningPath\MasterParser.zip -Force -ErrorAction SilentlyContinue
}
================================================
FILE: 03-Options/02-auto_update_check.ps1
================================================
# test conection to GitHub domain
try {
$ConnectionStatus = Test-Connection -ComputerName "GitHub.com" -Count 1 -ErrorAction SilentlyContinue
} catch {
$ConnectionStatus = $false
}
# statment to check if the there is connection to GitHub or not
if ($ConnectionStatus) {
$ConnectionFlag = "True"
# GitHub API URL for the repository releases
$MP_URL = "https://api.github.com/repos/YosfanEilay/MasterParser/releases/latest"
# Use Invoke-RestMethod to make a GET request to the GitHub API
$response = Invoke-RestMethod -Uri $MP_URL -Method Get -ErrorAction Continue
# Extract the version number from the response
$Latestversion = $response.tag_name
}
# execute this if connection to GitHub is NOT reachable
else {
$ConnectionFlag = "False"
}
================================================
FILE: 03-Options/03-Menu.ps1
================================================
Write-Output "┌> How To Run Example: MasterParser.ps1 -O Start"
Write-Output "├~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~╮"
Write-Output "│ Options (-O) │"
Write-Output "├~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~┤"
Write-Output "│ │"
Write-Output "│1. Start Run the tool by parsing all the logs under logs folder │"
Write-Output "│ │"
Write-Output "│2. Menu Show menu of what you can do with MasterParser tool │"
Write-Output "│ │"
Write-Output "│3. Update Update MasterParser to the latest version │"
Write-Output "│ │"
Write-Output "│4. Purge Purge MasterParser tool footprint from this host │"
Write-Output "│ │"
Write-Output "╰~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~╯"
Write-Output ""
================================================
FILE: 03-Options/04-Purge.ps1
================================================
# null flag
$SuccessFlag = $null
# main title print
Write-Output "MasterParser Removal Process"
Write-Output "+--------------------------+"
# variable with all the files to be removed
$AllFiles = Get-Item -Path "$RunningPath\*" | Select-Object -ExpandProperty Name
foreach ($EachFile in $AllFiles) {
# remove the file
Remove-Item -Path "$RunningPath\$EachFile" -Force -Recurse -WarningAction Continue -ErrorAction SilentlyContinue | Out-Null
# check if the file was removed, execute this if the file was not removed.
if (Test-Path -Path "$RunningPath\$EachFile") {
# print this
Write-Output "[!][Not Removed] - $RunningPath\$EachFile"
}
# execute this if the file was removed.
else {
Write-Output "[*][Removed] - $RunningPath\$EachFile"
}
}
# space
Write-Output ""
# second title print
Write-Output "MasterParser Root Folder"
Write-Output "+----------------------+"
# move back 1 directory
cd ..
# remove the file
Remove-Item -Path "MasterParser-main" -Force -Recurse -WarningAction Continue -ErrorAction SilentlyContinue | Out-Null
# execute this if the remove failed
if (Test-Path -Path $RunningPath) {
# print this
Write-Output "[!][Not Removed] - $RunningPath"
}
# execute this if the remove succeeded
else {
# print this
Write-Output "[*][Removed] - $RunningPath"
# flag
$SuccessFlag = "True"
}
# space
Write-Output ""
# 3th title print
Write-Output "Current Directory"
Write-Output "+---------------+"
# get the current directory
$CurrentDirectory = Get-Location
Write-Output "Current Directory is now - $CurrentDirectory"
# space
Write-Output ""
if ($SuccessFlag -eq "True") {
# 4th title print
Write-Output "MasterParser Removal Status"
Write-Output "+-------------------------+"
Write-Output "[*] Purge done successfully."
# space
Write-Output ""
}
else {
# 4th title print
Write-Output "MasterParser Removal Status"
Write-Output "+-------------------------+"
Write-Output "[!] Error: Some files were not removed correctly."
# space
Write-Output ""
}
# null flag
$SuccessFlag = $null
================================================
FILE: 03-Options/05-functions.ps1
================================================
# calculate run time function
#region
function start_time {
return Get-Date
}
function stop_time {
param (
[datetime]$start_time
)
$stop_time = Get-Date
$time_taken = $stop_time - $start_time
return '{0:00}:{1:00}:{2:00}' -f $time_taken.Hours, $time_taken.Minutes, $time_taken.Seconds
# How to Run This Function ?
# at the beginning of the script block you want to masure
# put this argument
#"$name_of_what_you_want_to_measure = start_time"
# and at the end of this script block put this argument
# "$this_is_the_run_time = stop_time -start_time $name_of_what_you_want_to_measure"
}
#endregion
# calculate duration from start_time and end_time
#region
function duration_calc {
param (
[string]$start_time,
[string]$end_time
)
$start_time = $start_time -replace ' ',' '
$end_time = $end_time -replace ' ',' '
$start_time_split = $start_time -split " "
$end_time_split = $end_time -split " "
if ($start_time_split[1].Length -eq 1) {
$StartTimeConverted = [datetime]::ParseExact($start_time,'MMM d HH:mm:ss',$null)
}
elseif ($start_time_split[1].Length -eq 2) {
$StartTimeConverted = [datetime]::ParseExact($start_time,'MMM dd HH:mm:ss',$null)
}
if ($end_time_split[1].Length -eq 1) {
$EndTimeConverted = [datetime]::ParseExact($end_time,'MMM d HH:mm:ss',$null)
}
elseif ($end_time_split[1].Length -eq 2) {
$EndTimeConverted = [datetime]::ParseExact($end_time,'MMM dd HH:mm:ss',$null)
}
$Duration = $EndTimeConverted - $StartTimeConverted
$full_duration = Write-Output "$($Duration.Days) Days $($Duration.Hours) Hours $($Duration.Minutes) Minutes $($Duration.Seconds) Seconds"
return $full_duration
}
#endregion
================================================
FILE: LICENSE
================================================
MIT License
Copyright (c) 2023 Eilay Yosfan (DFIR)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
================================================
FILE: MasterParser Training/02 - Exercises and Scenarios to investigate/01 - FTP Brute-Force Attack/Auth.Log FTP Brute-Force Attack
================================================
May 9 12:46:09 UBUSRV01 sshd[709]: Server listening on 0.0.0.0 port 22.
May 9 12:46:09 UBUSRV01 sshd[709]: Server listening on :: port 22.
May 9 12:46:09 UBUSRV01 systemd-logind[664]: New seat seat0.
May 9 12:46:09 UBUSRV01 systemd-logind[664]: Watching system buttons on /dev/input/event0 (Power Button)
May 9 12:46:09 UBUSRV01 systemd-logind[664]: Watching system buttons on /dev/input/event1 (Sleep Button)
May 9 12:46:09 UBUSRV01 systemd-logind[664]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
May 9 12:47:24 UBUSRV01 sshd[1080]: Accepted password for eilay from 192.168.2.1 port 56742 ssh2
May 9 12:47:24 UBUSRV01 sshd[1080]: pam_unix(sshd:session): session opened for user eilay(uid=1000) by (uid=0)
May 9 12:47:24 UBUSRV01 systemd-logind[664]: New session 1 of user eilay.
May 9 12:47:24 UBUSRV01 systemd: pam_unix(systemd-user:session): session opened for user eilay(uid=1000) by (uid=0)
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=master rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=master rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.2.14
May 9 12:49:08 UBUSRV01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=master rhost=::ffff:192.168.2.14
May 9 12:49:31 UBUSRV01 sshd[1188]: Received disconnect from 192.168.2.1 port 56742:11: disconnected by user
May 9 12:49:31 UBUSRV01 sshd[1188]: Disconnected from user eilay 192.168.2.1 port 56742
May 9 12:49:31 UBUSRV01 sshd[1080]: pam_unix(sshd:session): session closed for user eilay
May 9 12:49:31 UBUSRV01 systemd-logind[664]: Session 1 logged out. Waiting for processes to exit.
May 9 12:49:31 UBUSRV01 systemd-logind[664]: Removed session 1.
May 9 12:50:07 UBUSRV01 sshd[1231]: Accepted password for eilay from 192.168.2.1 port 56754 ssh2
May 9 12:50:07 UBUSRV01 sshd[1231]: pam_unix(sshd:session): session opened for user eilay(uid=1000) by (uid=0)
May 9 12:50:07 UBUSRV01 systemd-logind[664]: New session 3 of user eilay.
May 9 12:50:07 UBUSRV01 systemd: pam_unix(systemd-user:session): session opened for user eilay(uid=1000) by (uid=0)
================================================
FILE: MasterParser Training/02 - Exercises and Scenarios to investigate/02 - The Disgruntled Employee/Auth.Log The Disgruntled Employee.txt
================================================
May 8 12:08:02 UBUSRV01 sshd[703]: Server listening on 0.0.0.0 port 22.
May 8 12:08:02 UBUSRV01 sshd[703]: Server listening on :: port 22.
May 8 12:08:02 UBUSRV01 systemd-logind[665]: New seat seat0.
May 8 12:08:02 UBUSRV01 systemd-logind[665]: Watching system buttons on /dev/input/event0 (Power Button)
May 8 12:08:02 UBUSRV01 systemd-logind[665]: Watching system buttons on /dev/input/event1 (Sleep Button)
May 8 12:08:02 UBUSRV01 systemd-logind[665]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
May 8 12:08:53 UBUSRV01 sshd[1074]: Accepted password for Employee-17 from 192.168.2.1 port 52749 ssh2
May 8 12:08:53 UBUSRV01 sshd[1074]: pam_unix(sshd:session): session opened for user Employee-17(uid=1000) by (uid=0)
May 8 12:08:53 UBUSRV01 systemd-logind[665]: New session 1 of user Employee-17.
May 8 12:08:53 UBUSRV01 systemd: pam_unix(systemd-user:session): session opened for user Employee-17(uid=1000) by (uid=0)
May 8 12:11:46 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/whoami
May 8 12:11:46 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:11:46 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:12:51 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/cat /etc/passwd
May 8 12:12:51 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:12:51 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:13:05 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/cat /var/log/auth.log
May 8 12:13:05 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:13:05 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:14:05 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/systemctl status syslog
May 8 12:14:05 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:14:05 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:14:30 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/systemctl stop syslog
May 8 12:14:30 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:14:30 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:14:40 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/systemctl status syslog
May 8 12:14:40 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:14:40 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:14:56 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/nano /var/log/auth.log
May 8 12:14:56 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:15:01 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:15:27 UBUSRV01 sshd[1190]: Received disconnect from 192.168.2.1 port 52749:11: disconnected by user
May 8 12:15:27 UBUSRV01 sshd[1190]: Disconnected from user Employee-17 192.168.2.1 port 52749
May 8 12:15:27 UBUSRV01 sshd[1074]: pam_unix(sshd:session): session closed for user Employee-17
May 8 12:15:27 UBUSRV01 systemd-logind[665]: Session 1 logged out. Waiting for processes to exit.
May 8 12:15:27 UBUSRV01 systemd-logind[665]: Removed session 1.
May 8 12:15:31 UBUSRV01 sshd[1297]: Accepted password for Employee-17 from 192.168.2.1 port 52809 ssh2
May 8 12:15:31 UBUSRV01 sshd[1297]: pam_unix(sshd:session): session opened for user Employee-17(uid=1000) by (uid=0)
May 8 12:15:31 UBUSRV01 systemd-logind[665]: New session 3 of user Employee-17.
May 8 12:15:42 UBUSRV01 sudo: pam_unix(sudo:auth): authentication failure; logname=Employee-17 uid=1000 euid=0 tty=/dev/pts/0 ruser=Employee-17 rhost= user=Employee-17
May 8 12:15:46 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/systemctl stop syslog
May 8 12:15:46 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 12:15:46 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 12:15:50 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/home/Employee-17 ; USER=root ; COMMAND=/usr/bin/systemctl stop syslog.socket
May 8 12:15:50 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 14:03:23 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/systemctl start syslog
May 8 14:03:23 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 14:03:23 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 14:04:20 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/systemctl restart syslog
May 8 14:04:20 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 14:04:20 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 14:06:32 UBUSRV01 sudo: Employee-17 : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/ps aux
May 8 14:06:32 UBUSRV01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by Employee-17(uid=1000)
May 8 14:06:32 UBUSRV01 sudo: pam_unix(sudo:session): session closed for user root
May 8 14:08:01 UBUSRV01 sshd[1190]: Received disconnect from 192.168.2.1 port 52809:11: disconnected by user
May 8 14:08:01 UBUSRV01 sshd[1190]: Disconnected from user Employee-17 192.168.2.1 port 52809
May 8 14:08:01 UBUSRV01 sshd[1074]: pam_unix(sshd:session): session closed for user Employee-17
May 8 14:08:01 UBUSRV01 systemd-logind[665]: Session 3 logged out. Waiting for processes to exit.
May 8 14:08:01 UBUSRV01 systemd-logind[665]: Removed session 3.
================================================
FILE: MasterParser Training/02 - Exercises and Scenarios to investigate/03 - Why The Server is Unavailable/Auth.Log Why The Server is Unavailable
================================================
May 9 11:18:48 SSHJUMPSRV05 sshd[687]: Server listening on 0.0.0.0 port 22.
May 9 11:18:48 SSHJUMPSRV05 sshd[687]: Server listening on :: port 22.
May 9 11:18:48 SSHJUMPSRV05 systemd-logind[664]: New seat seat0.
May 9 11:18:48 SSHJUMPSRV05 systemd-logind[664]: Watching system buttons on /dev/input/event0 (Power Button)
May 9 11:18:48 SSHJUMPSRV05 systemd-logind[664]: Watching system buttons on /dev/input/event1 (Sleep Button)
May 9 11:18:48 SSHJUMPSRV05 systemd-logind[664]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
May 9 11:23:56 SSHJUMPSRV05 sshd[1224]: Invalid user otlak33 from 192.168.2.14 port 38594
May 9 11:23:56 SSHJUMPSRV05 sshd[1224]: Received disconnect from 192.168.2.14 port 38594:11: Bye Bye [preauth]
May 9 11:23:56 SSHJUMPSRV05 sshd[1224]: Disconnected from invalid user otlak33 192.168.2.14 port 38594 [preauth]
May 9 11:23:56 SSHJUMPSRV05 sshd[687]: error: beginning MaxStartups throttling
May 9 11:23:56 SSHJUMPSRV05 sshd[687]: drop connection #10 from [192.168.2.14]:38684 on [192.168.2.13]:22 past MaxStartups
May 9 11:23:57 SSHJUMPSRV05 sshd[1231]: Invalid user bocko202 from 192.168.2.14 port 38640
May 9 11:23:57 SSHJUMPSRV05 sshd[1234]: Invalid user Finochio from 192.168.2.14 port 38662
May 9 11:23:57 SSHJUMPSRV05 sshd[1234]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1231]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1233]: Invalid user Finochio from 192.168.2.14 port 38656
May 9 11:23:57 SSHJUMPSRV05 sshd[1227]: Invalid user otlak33 from 192.168.2.14 port 38610
May 9 11:23:57 SSHJUMPSRV05 sshd[1229]: Invalid user otlak33 from 192.168.2.14 port 38634
May 9 11:23:57 SSHJUMPSRV05 sshd[1226]: Invalid user otlak33 from 192.168.2.14 port 38600
May 9 11:23:57 SSHJUMPSRV05 sshd[1239]: Invalid user bocko202 from 192.168.2.14 port 38722
May 9 11:23:57 SSHJUMPSRV05 sshd[1237]: Invalid user Marobod from 192.168.2.14 port 38706
May 9 11:23:57 SSHJUMPSRV05 sshd[1238]: Invalid user Marobod from 192.168.2.14 port 38716
May 9 11:23:57 SSHJUMPSRV05 sshd[1236]: Invalid user Marobod from 192.168.2.14 port 38700
May 9 11:23:57 SSHJUMPSRV05 sshd[1229]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1237]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1228]: Invalid user otlak33 from 192.168.2.14 port 38618
May 9 11:23:57 SSHJUMPSRV05 sshd[1237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1230]: Invalid user bocko202 from 192.168.2.14 port 38636
May 9 11:23:57 SSHJUMPSRV05 sshd[1236]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1227]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1228]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1233]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1226]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1232]: Invalid user bocko202 from 192.168.2.14 port 38644
May 9 11:23:57 SSHJUMPSRV05 sshd[1239]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1235]: Invalid user Finochio from 192.168.2.14 port 38674
May 9 11:23:57 SSHJUMPSRV05 sshd[1235]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1230]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1232]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:57 SSHJUMPSRV05 sshd[1238]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:57 SSHJUMPSRV05 sshd[1238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:59 SSHJUMPSRV05 sshd[1234]: Failed password for invalid user Finochio from 192.168.2.14 port 38662 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1231]: Failed password for invalid user bocko202 from 192.168.2.14 port 38640 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1229]: Failed password for invalid user otlak33 from 192.168.2.14 port 38634 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1237]: Failed password for invalid user Marobod from 192.168.2.14 port 38706 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1236]: Failed password for invalid user Marobod from 192.168.2.14 port 38700 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1228]: Failed password for invalid user otlak33 from 192.168.2.14 port 38618 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1227]: Failed password for invalid user otlak33 from 192.168.2.14 port 38610 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1233]: Failed password for invalid user Finochio from 192.168.2.14 port 38656 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1226]: Failed password for invalid user otlak33 from 192.168.2.14 port 38600 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1239]: Failed password for invalid user bocko202 from 192.168.2.14 port 38722 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1235]: Failed password for invalid user Finochio from 192.168.2.14 port 38674 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1232]: Failed password for invalid user bocko202 from 192.168.2.14 port 38644 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1230]: Failed password for invalid user bocko202 from 192.168.2.14 port 38636 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1238]: Failed password for invalid user Marobod from 192.168.2.14 port 38716 ssh2
May 9 11:23:59 SSHJUMPSRV05 sshd[1234]: Received disconnect from 192.168.2.14 port 38662:11: Bye Bye [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1234]: Disconnected from invalid user Finochio 192.168.2.14 port 38662 [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1233]: Received disconnect from 192.168.2.14 port 38656:11: Bye Bye [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1233]: Disconnected from invalid user Finochio 192.168.2.14 port 38656 [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1254]: Invalid user tomos from 192.168.2.14 port 38392
May 9 11:23:59 SSHJUMPSRV05 sshd[1254]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:59 SSHJUMPSRV05 sshd[1254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:59 SSHJUMPSRV05 sshd[1235]: Received disconnect from 192.168.2.14 port 38674:11: Bye Bye [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1235]: Disconnected from invalid user Finochio 192.168.2.14 port 38674 [preauth]
May 9 11:23:59 SSHJUMPSRV05 sshd[1256]: Invalid user tomos from 192.168.2.14 port 38396
May 9 11:23:59 SSHJUMPSRV05 sshd[1256]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:23:59 SSHJUMPSRV05 sshd[1256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:23:59 SSHJUMPSRV05 sshd[1258]: Invalid user tomos from 192.168.2.14 port 38398
May 9 11:24:00 SSHJUMPSRV05 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:00 SSHJUMPSRV05 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:00 SSHJUMPSRV05 sshd[1226]: Received disconnect from 192.168.2.14 port 38600:11: Bye Bye [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1226]: Disconnected from invalid user otlak33 192.168.2.14 port 38600 [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1227]: Received disconnect from 192.168.2.14 port 38610:11: Bye Bye [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1227]: Disconnected from invalid user otlak33 192.168.2.14 port 38610 [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1229]: Received disconnect from 192.168.2.14 port 38634:11: Bye Bye [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1229]: Disconnected from invalid user otlak33 192.168.2.14 port 38634 [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1228]: Received disconnect from 192.168.2.14 port 38618:11: Bye Bye [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1228]: Disconnected from invalid user otlak33 192.168.2.14 port 38618 [preauth]
May 9 11:24:00 SSHJUMPSRV05 sshd[1260]: Invalid user total7711 from 192.168.2.14 port 38422
May 9 11:24:00 SSHJUMPSRV05 sshd[1260]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:00 SSHJUMPSRV05 sshd[1260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:00 SSHJUMPSRV05 sshd[1262]: Invalid user total7711 from 192.168.2.14 port 38444
May 9 11:24:00 SSHJUMPSRV05 sshd[1262]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:00 SSHJUMPSRV05 sshd[1262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:00 SSHJUMPSRV05 sshd[1261]: Invalid user total7711 from 192.168.2.14 port 38428
May 9 11:24:00 SSHJUMPSRV05 sshd[1261]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:00 SSHJUMPSRV05 sshd[1261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:00 SSHJUMPSRV05 sshd[1266]: Invalid user total7711 from 192.168.2.14 port 38454
May 9 11:24:00 SSHJUMPSRV05 sshd[1266]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:00 SSHJUMPSRV05 sshd[1266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1237]: Received disconnect from 192.168.2.14 port 38706:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1237]: Disconnected from invalid user Marobod 192.168.2.14 port 38706 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1231]: Received disconnect from 192.168.2.14 port 38640:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1231]: Disconnected from invalid user bocko202 192.168.2.14 port 38640 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1236]: Received disconnect from 192.168.2.14 port 38700:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1236]: Disconnected from invalid user Marobod 192.168.2.14 port 38700 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1238]: Received disconnect from 192.168.2.14 port 38716:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1238]: Disconnected from invalid user Marobod 192.168.2.14 port 38716 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1239]: Received disconnect from 192.168.2.14 port 38722:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1239]: Disconnected from invalid user bocko202 192.168.2.14 port 38722 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1269]: Invalid user jankrupa from 192.168.2.14 port 38466
May 9 11:24:01 SSHJUMPSRV05 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1232]: Received disconnect from 192.168.2.14 port 38644:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1232]: Disconnected from invalid user bocko202 192.168.2.14 port 38644 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1268]: Invalid user jankrupa from 192.168.2.14 port 38462
May 9 11:24:01 SSHJUMPSRV05 sshd[1230]: Received disconnect from 192.168.2.14 port 38636:11: Bye Bye [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1230]: Disconnected from invalid user bocko202 192.168.2.14 port 38636 [preauth]
May 9 11:24:01 SSHJUMPSRV05 sshd[1268]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1273]: Invalid user Katka333 from 192.168.2.14 port 38506
May 9 11:24:01 SSHJUMPSRV05 sshd[1272]: Invalid user jankrupa from 192.168.2.14 port 38502
May 9 11:24:01 SSHJUMPSRV05 sshd[1273]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1272]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1278]: Invalid user Katka333 from 192.168.2.14 port 38516
May 9 11:24:01 SSHJUMPSRV05 sshd[1275]: Invalid user Katka333 from 192.168.2.14 port 38508
May 9 11:24:01 SSHJUMPSRV05 sshd[1278]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:01 SSHJUMPSRV05 sshd[1279]: Invalid user Katka333 from 192.168.2.14 port 38520
May 9 11:24:01 SSHJUMPSRV05 sshd[1279]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:01 SSHJUMPSRV05 sshd[1279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:02 SSHJUMPSRV05 sshd[1254]: Failed password for invalid user tomos from 192.168.2.14 port 38392 ssh2
May 9 11:24:02 SSHJUMPSRV05 sshd[1256]: Failed password for invalid user tomos from 192.168.2.14 port 38396 ssh2
May 9 11:24:02 SSHJUMPSRV05 sshd[1258]: Failed password for invalid user tomos from 192.168.2.14 port 38398 ssh2
May 9 11:24:02 SSHJUMPSRV05 sshd[1260]: Failed password for invalid user total7711 from 192.168.2.14 port 38422 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1262]: Failed password for invalid user total7711 from 192.168.2.14 port 38444 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1261]: Failed password for invalid user total7711 from 192.168.2.14 port 38428 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1266]: Failed password for invalid user total7711 from 192.168.2.14 port 38454 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1260]: Received disconnect from 192.168.2.14 port 38422:11: Bye Bye [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1260]: Disconnected from invalid user total7711 192.168.2.14 port 38422 [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1262]: Received disconnect from 192.168.2.14 port 38444:11: Bye Bye [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1262]: Disconnected from invalid user total7711 192.168.2.14 port 38444 [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1269]: Failed password for invalid user jankrupa from 192.168.2.14 port 38466 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1261]: Received disconnect from 192.168.2.14 port 38428:11: Bye Bye [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1261]: Disconnected from invalid user total7711 192.168.2.14 port 38428 [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1268]: Failed password for invalid user jankrupa from 192.168.2.14 port 38462 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1284]: Invalid user Katka333 from 192.168.2.14 port 38544
May 9 11:24:03 SSHJUMPSRV05 sshd[1282]: Invalid user Katka333 from 192.168.2.14 port 38536
May 9 11:24:03 SSHJUMPSRV05 sshd[1282]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:03 SSHJUMPSRV05 sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:03 SSHJUMPSRV05 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:03 SSHJUMPSRV05 sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:03 SSHJUMPSRV05 sshd[1273]: Failed password for invalid user Katka333 from 192.168.2.14 port 38506 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1272]: Failed password for invalid user jankrupa from 192.168.2.14 port 38502 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1278]: Failed password for invalid user Katka333 from 192.168.2.14 port 38516 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1275]: Failed password for invalid user Katka333 from 192.168.2.14 port 38508 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1279]: Failed password for invalid user Katka333 from 192.168.2.14 port 38520 ssh2
May 9 11:24:03 SSHJUMPSRV05 sshd[1266]: Received disconnect from 192.168.2.14 port 38454:11: Bye Bye [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1266]: Disconnected from invalid user total7711 192.168.2.14 port 38454 [preauth]
May 9 11:24:03 SSHJUMPSRV05 sshd[1286]: Invalid user krakonos from 192.168.2.14 port 38562
May 9 11:24:03 SSHJUMPSRV05 sshd[1286]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:03 SSHJUMPSRV05 sshd[1286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:04 SSHJUMPSRV05 sshd[1288]: Invalid user krakonos from 192.168.2.14 port 38572
May 9 11:24:04 SSHJUMPSRV05 sshd[1288]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:04 SSHJUMPSRV05 sshd[1288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:04 SSHJUMPSRV05 sshd[1254]: Received disconnect from 192.168.2.14 port 38392:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1254]: Disconnected from invalid user tomos 192.168.2.14 port 38392 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1256]: Received disconnect from 192.168.2.14 port 38396:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1256]: Disconnected from invalid user tomos 192.168.2.14 port 38396 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1290]: Invalid user krakonos from 192.168.2.14 port 38582
May 9 11:24:04 SSHJUMPSRV05 sshd[1290]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:04 SSHJUMPSRV05 sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:04 SSHJUMPSRV05 sshd[1258]: Received disconnect from 192.168.2.14 port 38398:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1258]: Disconnected from invalid user tomos 192.168.2.14 port 38398 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1292]: Invalid user krakonos from 192.168.2.14 port 38596
May 9 11:24:04 SSHJUMPSRV05 sshd[1292]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:04 SSHJUMPSRV05 sshd[1292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:04 SSHJUMPSRV05 sshd[1275]: Received disconnect from 192.168.2.14 port 38508:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1275]: Disconnected from invalid user Katka333 192.168.2.14 port 38508 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1279]: Received disconnect from 192.168.2.14 port 38520:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1279]: Disconnected from invalid user Katka333 192.168.2.14 port 38520 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1278]: Received disconnect from 192.168.2.14 port 38516:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1278]: Disconnected from invalid user Katka333 192.168.2.14 port 38516 [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1273]: Received disconnect from 192.168.2.14 port 38506:11: Bye Bye [preauth]
May 9 11:24:04 SSHJUMPSRV05 sshd[1273]: Disconnected from invalid user Katka333 192.168.2.14 port 38506 [preauth]
May 9 11:24:05 SSHJUMPSRV05 sshd[1294]: Invalid user Kochii from 192.168.2.14 port 38626
May 9 11:24:05 SSHJUMPSRV05 sshd[1295]: Invalid user Kochii from 192.168.2.14 port 38642
May 9 11:24:05 SSHJUMPSRV05 sshd[1295]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:05 SSHJUMPSRV05 sshd[1295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:05 SSHJUMPSRV05 sshd[1294]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:24:05 SSHJUMPSRV05 sshd[1294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.14
May 9 11:24:05 SSHJUMPSRV05 sshd[1269]: Connection closed by invalid user jankrupa 192.168.2.14 port 38466 [preauth]
May 9 11:24:05 SSHJUMPSRV05 sshd[1268]: Connection closed by invalid user jankrupa 192.168.2.14 port 38462 [preauth]
May 9 11:24:05 SSHJUMPSRV05 sshd[1272]: Connection closed by invalid user jankrupa 192.168.2.14 port 38502 [preauth]
May 9 11:24:05 SSHJUMPSRV05 sshd[1288]: Failed password for invalid user krakonos from 192.168.2.14 port 38572 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1288]: Connection closed by invalid user krakonos 192.168.2.14 port 38572 [preauth]
May 9 11:24:06 SSHJUMPSRV05 sshd[1284]: Failed password for invalid user Katka333 from 192.168.2.14 port 38544 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1282]: Failed password for invalid user Katka333 from 192.168.2.14 port 38536 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1290]: Failed password for invalid user krakonos from 192.168.2.14 port 38582 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1286]: Failed password for invalid user krakonos from 192.168.2.14 port 38562 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1292]: Failed password for invalid user krakonos from 192.168.2.14 port 38596 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1290]: Connection closed by invalid user krakonos 192.168.2.14 port 38582 [preauth]
May 9 11:24:06 SSHJUMPSRV05 sshd[1292]: Connection closed by invalid user krakonos 192.168.2.14 port 38596 [preauth]
May 9 11:24:06 SSHJUMPSRV05 sshd[1282]: Connection closed by invalid user Katka333 192.168.2.14 port 38536 [preauth]
May 9 11:24:06 SSHJUMPSRV05 sshd[1284]: Connection closed by invalid user Katka333 192.168.2.14 port 38544 [preauth]
May 9 11:24:06 SSHJUMPSRV05 sshd[1295]: Failed password for invalid user Kochii from 192.168.2.14 port 38642 ssh2
May 9 11:24:06 SSHJUMPSRV05 sshd[1294]: Failed password for invalid user Kochii from 192.168.2.14 port 38626 ssh2
May 9 11:24:07 SSHJUMPSRV05 sshd[1286]: Connection closed by invalid user krakonos 192.168.2.14 port 38562 [preauth]
May 9 11:24:08 SSHJUMPSRV05 sshd[1295]: Connection closed by invalid user Kochii 192.168.2.14 port 38642 [preauth]
May 9 11:24:08 SSHJUMPSRV05 sshd[1294]: Connection closed by invalid user Kochii 192.168.2.14 port 38626 [preauth]
May 9 11:27:10 SSHJUMPSRV05 sshd[687]: exited MaxStartups throttling after 00:03:14, 18 connections dropped
May 9 11:27:10 SSHJUMPSRV05 sshd[1302]: Invalid user PiQvola from 192.168.2.15 port 59742
May 9 11:27:10 SSHJUMPSRV05 sshd[1302]: Received disconnect from 192.168.2.15 port 59742:11: Bye Bye [preauth]
May 9 11:27:10 SSHJUMPSRV05 sshd[1302]: Disconnected from invalid user PiQvola 192.168.2.15 port 59742 [preauth]
May 9 11:27:10 SSHJUMPSRV05 sshd[687]: error: beginning MaxStartups throttling
May 9 11:27:10 SSHJUMPSRV05 sshd[687]: drop connection #11 from [192.168.2.15]:59870 on [192.168.2.13]:22 past MaxStartups
May 9 11:27:11 SSHJUMPSRV05 sshd[1304]: Invalid user PiQvola from 192.168.2.15 port 59756
May 9 11:27:11 SSHJUMPSRV05 sshd[1308]: Invalid user Fjody from 192.168.2.15 port 59804
May 9 11:27:11 SSHJUMPSRV05 sshd[1304]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1308]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1313]: Invalid user Fjody from 192.168.2.15 port 59848
May 9 11:27:11 SSHJUMPSRV05 sshd[1307]: Invalid user PiQvola from 192.168.2.15 port 59778
May 9 11:27:11 SSHJUMPSRV05 sshd[1309]: Invalid user PiQvola from 192.168.2.15 port 59790
May 9 11:27:11 SSHJUMPSRV05 sshd[1313]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1306]: Invalid user Fjody from 192.168.2.15 port 59762
May 9 11:27:11 SSHJUMPSRV05 sshd[1305]: Invalid user PiQvola from 192.168.2.15 port 59758
May 9 11:27:11 SSHJUMPSRV05 sshd[1312]: Invalid user Phobos from 192.168.2.15 port 59834
May 9 11:27:11 SSHJUMPSRV05 sshd[1306]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1305]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1312]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1309]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1307]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1314]: Invalid user kyyyblik from 192.168.2.15 port 59862
May 9 11:27:11 SSHJUMPSRV05 sshd[1310]: Invalid user Phobos from 192.168.2.15 port 59812
May 9 11:27:11 SSHJUMPSRV05 sshd[1314]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1318]: Invalid user Fjody from 192.168.2.15 port 59910
May 9 11:27:11 SSHJUMPSRV05 sshd[1317]: Invalid user Phobos from 192.168.2.15 port 59900
May 9 11:27:11 SSHJUMPSRV05 sshd[1316]: Invalid user kyyyblik from 192.168.2.15 port 59878
May 9 11:27:11 SSHJUMPSRV05 sshd[1311]: Invalid user Phobos from 192.168.2.15 port 59826
May 9 11:27:11 SSHJUMPSRV05 sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1310]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1317]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:11 SSHJUMPSRV05 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:11 SSHJUMPSRV05 sshd[1311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:12 SSHJUMPSRV05 sshd[1304]: Failed password for invalid user PiQvola from 192.168.2.15 port 59756 ssh2
May 9 11:27:12 SSHJUMPSRV05 sshd[1308]: Failed password for invalid user Fjody from 192.168.2.15 port 59804 ssh2
May 9 11:27:12 SSHJUMPSRV05 sshd[1304]: Received disconnect from 192.168.2.15 port 59756:11: Bye Bye [preauth]
May 9 11:27:12 SSHJUMPSRV05 sshd[1304]: Disconnected from invalid user PiQvola 192.168.2.15 port 59756 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1313]: Failed password for invalid user Fjody from 192.168.2.15 port 59848 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1308]: Received disconnect from 192.168.2.15 port 59804:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1308]: Disconnected from invalid user Fjody 192.168.2.15 port 59804 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1306]: Failed password for invalid user Fjody from 192.168.2.15 port 59762 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1305]: Failed password for invalid user PiQvola from 192.168.2.15 port 59758 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1312]: Failed password for invalid user Phobos from 192.168.2.15 port 59834 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1309]: Failed password for invalid user PiQvola from 192.168.2.15 port 59790 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1307]: Failed password for invalid user PiQvola from 192.168.2.15 port 59778 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1332]: Invalid user olinek22 from 192.168.2.15 port 59920
May 9 11:27:13 SSHJUMPSRV05 sshd[1314]: Failed password for invalid user kyyyblik from 192.168.2.15 port 59862 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1305]: Received disconnect from 192.168.2.15 port 59758:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1305]: Disconnected from invalid user PiQvola 192.168.2.15 port 59758 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1332]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1309]: Received disconnect from 192.168.2.15 port 59790:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1309]: Disconnected from invalid user PiQvola 192.168.2.15 port 59790 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1307]: Received disconnect from 192.168.2.15 port 59778:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1307]: Disconnected from invalid user PiQvola 192.168.2.15 port 59778 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1316]: Failed password for invalid user kyyyblik from 192.168.2.15 port 59878 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1310]: Failed password for invalid user Phobos from 192.168.2.15 port 59812 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1318]: Failed password for invalid user Fjody from 192.168.2.15 port 59910 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1313]: Received disconnect from 192.168.2.15 port 59848:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1313]: Disconnected from invalid user Fjody 192.168.2.15 port 59848 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1311]: Failed password for invalid user Phobos from 192.168.2.15 port 59826 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1317]: Failed password for invalid user Phobos from 192.168.2.15 port 59900 ssh2
May 9 11:27:13 SSHJUMPSRV05 sshd[1306]: Received disconnect from 192.168.2.15 port 59762:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1306]: Disconnected from invalid user Fjody 192.168.2.15 port 59762 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1314]: Received disconnect from 192.168.2.15 port 59862:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1314]: Disconnected from invalid user kyyyblik 192.168.2.15 port 59862 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1316]: Received disconnect from 192.168.2.15 port 59878:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1316]: Disconnected from invalid user kyyyblik 192.168.2.15 port 59878 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1318]: Received disconnect from 192.168.2.15 port 59910:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1318]: Disconnected from invalid user Fjody 192.168.2.15 port 59910 [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1334]: Invalid user olinek22 from 192.168.2.15 port 59932
May 9 11:27:13 SSHJUMPSRV05 sshd[1334]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1336]: Invalid user olinek22 from 192.168.2.15 port 59946
May 9 11:27:13 SSHJUMPSRV05 sshd[1337]: Invalid user olinek22 from 192.168.2.15 port 59954
May 9 11:27:13 SSHJUMPSRV05 sshd[1337]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1336]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1338]: Invalid user _miker_ from 192.168.2.15 port 59974
May 9 11:27:13 SSHJUMPSRV05 sshd[1338]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1342]: Invalid user Krabak from 192.168.2.15 port 59998
May 9 11:27:13 SSHJUMPSRV05 sshd[1340]: Invalid user _miker_ from 192.168.2.15 port 59988
May 9 11:27:13 SSHJUMPSRV05 sshd[1342]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1340]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1345]: Invalid user Krabak from 192.168.2.15 port 60020
May 9 11:27:13 SSHJUMPSRV05 sshd[1346]: Invalid user Krabak from 192.168.2.15 port 60026
May 9 11:27:13 SSHJUMPSRV05 sshd[1345]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1346]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1343]: Invalid user Krabak from 192.168.2.15 port 60004
May 9 11:27:13 SSHJUMPSRV05 sshd[1343]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:13 SSHJUMPSRV05 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:13 SSHJUMPSRV05 sshd[1312]: Received disconnect from 192.168.2.15 port 59834:11: Bye Bye [preauth]
May 9 11:27:13 SSHJUMPSRV05 sshd[1312]: Disconnected from invalid user Phobos 192.168.2.15 port 59834 [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1310]: Received disconnect from 192.168.2.15 port 59812:11: Bye Bye [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1310]: Disconnected from invalid user Phobos 192.168.2.15 port 59812 [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1317]: Received disconnect from 192.168.2.15 port 59900:11: Bye Bye [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1317]: Disconnected from invalid user Phobos 192.168.2.15 port 59900 [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1311]: Received disconnect from 192.168.2.15 port 59826:11: Bye Bye [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1311]: Disconnected from invalid user Phobos 192.168.2.15 port 59826 [preauth]
May 9 11:27:14 SSHJUMPSRV05 sshd[1352]: Invalid user Krabak from 192.168.2.15 port 60032
May 9 11:27:14 SSHJUMPSRV05 sshd[1352]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:14 SSHJUMPSRV05 sshd[1352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:14 SSHJUMPSRV05 sshd[1355]: Invalid user janco1987 from 192.168.2.15 port 60058
May 9 11:27:14 SSHJUMPSRV05 sshd[1354]: Invalid user janco1987 from 192.168.2.15 port 60046
May 9 11:27:14 SSHJUMPSRV05 sshd[1355]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:14 SSHJUMPSRV05 sshd[1355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:14 SSHJUMPSRV05 sshd[1354]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:14 SSHJUMPSRV05 sshd[1354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:14 SSHJUMPSRV05 sshd[1357]: Invalid user janco1987 from 192.168.2.15 port 60066
May 9 11:27:14 SSHJUMPSRV05 sshd[1357]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:14 SSHJUMPSRV05 sshd[1357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:14 SSHJUMPSRV05 sshd[1332]: Failed password for invalid user olinek22 from 192.168.2.15 port 59920 ssh2
May 9 11:27:14 SSHJUMPSRV05 sshd[1334]: Failed password for invalid user olinek22 from 192.168.2.15 port 59932 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1337]: Failed password for invalid user olinek22 from 192.168.2.15 port 59954 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1336]: Failed password for invalid user olinek22 from 192.168.2.15 port 59946 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1338]: Failed password for invalid user _miker_ from 192.168.2.15 port 59974 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1340]: Failed password for invalid user _miker_ from 192.168.2.15 port 59988 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1342]: Failed password for invalid user Krabak from 192.168.2.15 port 59998 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1345]: Failed password for invalid user Krabak from 192.168.2.15 port 60020 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1346]: Failed password for invalid user Krabak from 192.168.2.15 port 60026 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1343]: Failed password for invalid user Krabak from 192.168.2.15 port 60004 ssh2
May 9 11:27:15 SSHJUMPSRV05 sshd[1342]: Received disconnect from 192.168.2.15 port 59998:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1342]: Disconnected from invalid user Krabak 192.168.2.15 port 59998 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1345]: Received disconnect from 192.168.2.15 port 60020:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1345]: Disconnected from invalid user Krabak 192.168.2.15 port 60020 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1346]: Received disconnect from 192.168.2.15 port 60026:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1346]: Disconnected from invalid user Krabak 192.168.2.15 port 60026 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1343]: Received disconnect from 192.168.2.15 port 60004:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1343]: Disconnected from invalid user Krabak 192.168.2.15 port 60004 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1360]: Invalid user janco1987 from 192.168.2.15 port 60076
May 9 11:27:15 SSHJUMPSRV05 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:15 SSHJUMPSRV05 sshd[1362]: Invalid user besters from 192.168.2.15 port 60096
May 9 11:27:15 SSHJUMPSRV05 sshd[1362]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:15 SSHJUMPSRV05 sshd[1364]: Invalid user besters from 192.168.2.15 port 60114
May 9 11:27:15 SSHJUMPSRV05 sshd[1364]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:15 SSHJUMPSRV05 sshd[1363]: Invalid user besters from 192.168.2.15 port 60100
May 9 11:27:15 SSHJUMPSRV05 sshd[1363]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:15 SSHJUMPSRV05 sshd[1338]: Received disconnect from 192.168.2.15 port 59974:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1338]: Disconnected from invalid user _miker_ 192.168.2.15 port 59974 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1340]: Received disconnect from 192.168.2.15 port 59988:11: Bye Bye [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1340]: Disconnected from invalid user _miker_ 192.168.2.15 port 59988 [preauth]
May 9 11:27:15 SSHJUMPSRV05 sshd[1368]: Invalid user besters from 192.168.2.15 port 60122
May 9 11:27:15 SSHJUMPSRV05 sshd[1368]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:15 SSHJUMPSRV05 sshd[1369]: Invalid user besters from 192.168.2.15 port 60132
May 9 11:27:15 SSHJUMPSRV05 sshd[1369]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:15 SSHJUMPSRV05 sshd[1369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:16 SSHJUMPSRV05 sshd[1332]: Received disconnect from 192.168.2.15 port 59920:11: Bye Bye [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1332]: Disconnected from invalid user olinek22 192.168.2.15 port 59920 [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1334]: Received disconnect from 192.168.2.15 port 59932:11: Bye Bye [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1334]: Disconnected from invalid user olinek22 192.168.2.15 port 59932 [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1337]: Received disconnect from 192.168.2.15 port 59954:11: Bye Bye [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1337]: Disconnected from invalid user olinek22 192.168.2.15 port 59954 [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1336]: Received disconnect from 192.168.2.15 port 59946:11: Bye Bye [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1336]: Disconnected from invalid user olinek22 192.168.2.15 port 59946 [preauth]
May 9 11:27:16 SSHJUMPSRV05 sshd[1373]: Invalid user travor567 from 192.168.2.15 port 60166
May 9 11:27:16 SSHJUMPSRV05 sshd[1373]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:16 SSHJUMPSRV05 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:16 SSHJUMPSRV05 sshd[1372]: Invalid user travor567 from 192.168.2.15 port 60154
May 9 11:27:16 SSHJUMPSRV05 sshd[1372]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:16 SSHJUMPSRV05 sshd[1372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:16 SSHJUMPSRV05 sshd[1376]: Invalid user travor567 from 192.168.2.15 port 60170
May 9 11:27:16 SSHJUMPSRV05 sshd[1376]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:16 SSHJUMPSRV05 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:16 SSHJUMPSRV05 sshd[1352]: Failed password for invalid user Krabak from 192.168.2.15 port 60032 ssh2
May 9 11:27:16 SSHJUMPSRV05 sshd[1377]: Invalid user travor567 from 192.168.2.15 port 60178
May 9 11:27:16 SSHJUMPSRV05 sshd[1377]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:16 SSHJUMPSRV05 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:16 SSHJUMPSRV05 sshd[1355]: Failed password for invalid user janco1987 from 192.168.2.15 port 60058 ssh2
May 9 11:27:16 SSHJUMPSRV05 sshd[1354]: Failed password for invalid user janco1987 from 192.168.2.15 port 60046 ssh2
May 9 11:27:16 SSHJUMPSRV05 sshd[1357]: Failed password for invalid user janco1987 from 192.168.2.15 port 60066 ssh2
May 9 11:27:17 SSHJUMPSRV05 sshd[1360]: Failed password for invalid user janco1987 from 192.168.2.15 port 60076 ssh2
May 9 11:27:17 SSHJUMPSRV05 sshd[1362]: Failed password for invalid user besters from 192.168.2.15 port 60096 ssh2
May 9 11:27:17 SSHJUMPSRV05 sshd[1364]: Failed password for invalid user besters from 192.168.2.15 port 60114 ssh2
May 9 11:27:17 SSHJUMPSRV05 sshd[1363]: Failed password for invalid user besters from 192.168.2.15 port 60100 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1352]: Received disconnect from 192.168.2.15 port 60032:11: Bye Bye [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1352]: Disconnected from invalid user Krabak 192.168.2.15 port 60032 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1368]: Failed password for invalid user besters from 192.168.2.15 port 60122 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1369]: Failed password for invalid user besters from 192.168.2.15 port 60132 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1380]: Invalid user kyyyblik from 192.168.2.15 port 60192
May 9 11:27:18 SSHJUMPSRV05 sshd[1380]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:18 SSHJUMPSRV05 sshd[1380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:18 SSHJUMPSRV05 sshd[1373]: Failed password for invalid user travor567 from 192.168.2.15 port 60166 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1372]: Failed password for invalid user travor567 from 192.168.2.15 port 60154 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1376]: Failed password for invalid user travor567 from 192.168.2.15 port 60170 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1377]: Failed password for invalid user travor567 from 192.168.2.15 port 60178 ssh2
May 9 11:27:18 SSHJUMPSRV05 sshd[1355]: Received disconnect from 192.168.2.15 port 60058:11: Bye Bye [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1355]: Disconnected from invalid user janco1987 192.168.2.15 port 60058 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1354]: Connection closed by invalid user janco1987 192.168.2.15 port 60046 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1357]: Connection closed by invalid user janco1987 192.168.2.15 port 60066 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1382]: Invalid user kyyyblik from 192.168.2.15 port 60204
May 9 11:27:18 SSHJUMPSRV05 sshd[1382]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:27:18 SSHJUMPSRV05 sshd[1382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.15
May 9 11:27:18 SSHJUMPSRV05 sshd[1373]: Connection closed by invalid user travor567 192.168.2.15 port 60166 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1372]: Connection closed by invalid user travor567 192.168.2.15 port 60154 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1376]: Connection closed by invalid user travor567 192.168.2.15 port 60170 [preauth]
May 9 11:27:18 SSHJUMPSRV05 sshd[1377]: Connection closed by invalid user travor567 192.168.2.15 port 60178 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1362]: Connection closed by invalid user besters 192.168.2.15 port 60096 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1364]: Connection closed by invalid user besters 192.168.2.15 port 60114 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1363]: Connection closed by invalid user besters 192.168.2.15 port 60100 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1368]: Connection closed by invalid user besters 192.168.2.15 port 60122 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1369]: Connection closed by invalid user besters 192.168.2.15 port 60132 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1360]: Connection closed by invalid user janco1987 192.168.2.15 port 60076 [preauth]
May 9 11:27:19 SSHJUMPSRV05 sshd[1380]: Failed password for invalid user kyyyblik from 192.168.2.15 port 60192 ssh2
May 9 11:27:20 SSHJUMPSRV05 sshd[1380]: Connection closed by invalid user kyyyblik 192.168.2.15 port 60192 [preauth]
May 9 11:27:20 SSHJUMPSRV05 sshd[1382]: Failed password for invalid user kyyyblik from 192.168.2.15 port 60204 ssh2
May 9 11:27:20 SSHJUMPSRV05 sshd[1382]: Connection closed by invalid user kyyyblik 192.168.2.15 port 60204 [preauth]
May 9 11:30:36 SSHJUMPSRV05 sshd[687]: exited MaxStartups throttling after 00:03:25, 9 connections dropped
May 9 11:30:36 SSHJUMPSRV05 sshd[1388]: Invalid user Vlad22 from 192.168.2.16 port 60530
May 9 11:30:36 SSHJUMPSRV05 sshd[1388]: Received disconnect from 192.168.2.16 port 60530:11: Bye Bye [preauth]
May 9 11:30:36 SSHJUMPSRV05 sshd[1388]: Disconnected from invalid user Vlad22 192.168.2.16 port 60530 [preauth]
May 9 11:30:37 SSHJUMPSRV05 sshd[687]: error: beginning MaxStartups throttling
May 9 11:30:37 SSHJUMPSRV05 sshd[687]: drop connection #12 from [192.168.2.16]:60662 on [192.168.2.13]:22 past MaxStartups
May 9 11:30:37 SSHJUMPSRV05 sshd[1393]: Invalid user juras99 from 192.168.2.16 port 60564
May 9 11:30:37 SSHJUMPSRV05 sshd[1397]: Invalid user brosis from 192.168.2.16 port 60588
May 9 11:30:37 SSHJUMPSRV05 sshd[1391]: Invalid user Vlad22 from 192.168.2.16 port 60542
May 9 11:30:37 SSHJUMPSRV05 sshd[1396]: Invalid user brosis from 192.168.2.16 port 60582
May 9 11:30:37 SSHJUMPSRV05 sshd[1395]: Invalid user juras99 from 192.168.2.16 port 60576
May 9 11:30:37 SSHJUMPSRV05 sshd[1397]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1396]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1395]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1391]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1399]: Invalid user brosis from 192.168.2.16 port 60620
May 9 11:30:37 SSHJUMPSRV05 sshd[1393]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1398]: Invalid user juras99 from 192.168.2.16 port 60604
May 9 11:30:37 SSHJUMPSRV05 sshd[1400]: Invalid user papak79 from 192.168.2.16 port 60636
May 9 11:30:37 SSHJUMPSRV05 sshd[1401]: Invalid user papak79 from 192.168.2.16 port 60646
May 9 11:30:37 SSHJUMPSRV05 sshd[1402]: Invalid user brosis from 192.168.2.16 port 60664
May 9 11:30:37 SSHJUMPSRV05 sshd[1399]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1394]: Invalid user Vlad22 from 192.168.2.16 port 60572
May 9 11:30:37 SSHJUMPSRV05 sshd[1398]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1401]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1394]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1402]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1390]: Invalid user Vlad22 from 192.168.2.16 port 60534
May 9 11:30:37 SSHJUMPSRV05 sshd[1392]: Invalid user juras99 from 192.168.2.16 port 60550
May 9 11:30:37 SSHJUMPSRV05 sshd[1400]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1390]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:37 SSHJUMPSRV05 sshd[1403]: Invalid user Vlad22 from 192.168.2.16 port 60684
May 9 11:30:37 SSHJUMPSRV05 sshd[1403]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:37 SSHJUMPSRV05 sshd[1403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:39 SSHJUMPSRV05 sshd[1397]: Failed password for invalid user brosis from 192.168.2.16 port 60588 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1396]: Failed password for invalid user brosis from 192.168.2.16 port 60582 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1395]: Failed password for invalid user juras99 from 192.168.2.16 port 60576 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1391]: Failed password for invalid user Vlad22 from 192.168.2.16 port 60542 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1393]: Failed password for invalid user juras99 from 192.168.2.16 port 60564 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1398]: Failed password for invalid user juras99 from 192.168.2.16 port 60604 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1399]: Failed password for invalid user brosis from 192.168.2.16 port 60620 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1401]: Failed password for invalid user papak79 from 192.168.2.16 port 60646 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1394]: Failed password for invalid user Vlad22 from 192.168.2.16 port 60572 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1402]: Failed password for invalid user brosis from 192.168.2.16 port 60664 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1400]: Failed password for invalid user papak79 from 192.168.2.16 port 60636 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1392]: Failed password for invalid user juras99 from 192.168.2.16 port 60550 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1390]: Failed password for invalid user Vlad22 from 192.168.2.16 port 60534 ssh2
May 9 11:30:39 SSHJUMPSRV05 sshd[1403]: Failed password for invalid user Vlad22 from 192.168.2.16 port 60684 ssh2
May 9 11:30:40 SSHJUMPSRV05 sshd[1391]: Received disconnect from 192.168.2.16 port 60542:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1391]: Disconnected from invalid user Vlad22 192.168.2.16 port 60542 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1394]: Received disconnect from 192.168.2.16 port 60572:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1394]: Disconnected from invalid user Vlad22 192.168.2.16 port 60572 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1403]: Received disconnect from 192.168.2.16 port 60684:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1403]: Disconnected from invalid user Vlad22 192.168.2.16 port 60684 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1390]: Received disconnect from 192.168.2.16 port 60534:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1390]: Disconnected from invalid user Vlad22 192.168.2.16 port 60534 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1418]: Invalid user hankovan from 192.168.2.16 port 52648
May 9 11:30:40 SSHJUMPSRV05 sshd[1418]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1420]: Invalid user hankovan from 192.168.2.16 port 52656
May 9 11:30:40 SSHJUMPSRV05 sshd[1420]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1397]: Received disconnect from 192.168.2.16 port 60588:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1397]: Disconnected from invalid user brosis 192.168.2.16 port 60588 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1421]: Invalid user hankovan from 192.168.2.16 port 52672
May 9 11:30:40 SSHJUMPSRV05 sshd[1396]: Received disconnect from 192.168.2.16 port 60582:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1396]: Disconnected from invalid user brosis 192.168.2.16 port 60582 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1401]: Received disconnect from 192.168.2.16 port 60646:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1401]: Disconnected from invalid user papak79 192.168.2.16 port 60646 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1399]: Received disconnect from 192.168.2.16 port 60620:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1399]: Disconnected from invalid user brosis 192.168.2.16 port 60620 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1422]: Invalid user hankovan from 192.168.2.16 port 52676
May 9 11:30:40 SSHJUMPSRV05 sshd[1421]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1400]: Received disconnect from 192.168.2.16 port 60636:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1400]: Disconnected from invalid user papak79 192.168.2.16 port 60636 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1402]: Received disconnect from 192.168.2.16 port 60664:11: Bye Bye [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1402]: Disconnected from invalid user brosis 192.168.2.16 port 60664 [preauth]
May 9 11:30:40 SSHJUMPSRV05 sshd[1422]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1432]: Invalid user sapeli from 192.168.2.16 port 52750
May 9 11:30:40 SSHJUMPSRV05 sshd[1432]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1426]: Invalid user luculiiik from 192.168.2.16 port 52700
May 9 11:30:40 SSHJUMPSRV05 sshd[1428]: Invalid user sapeli from 192.168.2.16 port 52732
May 9 11:30:40 SSHJUMPSRV05 sshd[1430]: Invalid user sapeli from 192.168.2.16 port 52736
May 9 11:30:40 SSHJUMPSRV05 sshd[1431]: Invalid user sapeli from 192.168.2.16 port 52738
May 9 11:30:40 SSHJUMPSRV05 sshd[1426]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1427]: Invalid user sapeli from 192.168.2.16 port 52716
May 9 11:30:40 SSHJUMPSRV05 sshd[1430]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1428]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1431]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:40 SSHJUMPSRV05 sshd[1427]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:40 SSHJUMPSRV05 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:41 SSHJUMPSRV05 sshd[1393]: Received disconnect from 192.168.2.16 port 60564:11: Bye Bye [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1395]: Received disconnect from 192.168.2.16 port 60576:11: Bye Bye [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1395]: Disconnected from invalid user juras99 192.168.2.16 port 60576 [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1393]: Disconnected from invalid user juras99 192.168.2.16 port 60564 [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1398]: Received disconnect from 192.168.2.16 port 60604:11: Bye Bye [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1398]: Disconnected from invalid user juras99 192.168.2.16 port 60604 [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1392]: Received disconnect from 192.168.2.16 port 60550:11: Bye Bye [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1392]: Disconnected from invalid user juras99 192.168.2.16 port 60550 [preauth]
May 9 11:30:41 SSHJUMPSRV05 sshd[1440]: Invalid user sury58 from 192.168.2.16 port 52782
May 9 11:30:41 SSHJUMPSRV05 sshd[1438]: Invalid user sapeli from 192.168.2.16 port 52760
May 9 11:30:41 SSHJUMPSRV05 sshd[1438]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:41 SSHJUMPSRV05 sshd[1438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:41 SSHJUMPSRV05 sshd[1439]: Invalid user sury58 from 192.168.2.16 port 52766
May 9 11:30:41 SSHJUMPSRV05 sshd[1440]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:41 SSHJUMPSRV05 sshd[1440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:41 SSHJUMPSRV05 sshd[1439]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:41 SSHJUMPSRV05 sshd[1439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:41 SSHJUMPSRV05 sshd[1443]: Invalid user sury58 from 192.168.2.16 port 52786
May 9 11:30:41 SSHJUMPSRV05 sshd[1443]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:41 SSHJUMPSRV05 sshd[1443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:42 SSHJUMPSRV05 sshd[1418]: Failed password for invalid user hankovan from 192.168.2.16 port 52648 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1420]: Failed password for invalid user hankovan from 192.168.2.16 port 52656 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1421]: Failed password for invalid user hankovan from 192.168.2.16 port 52672 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1422]: Failed password for invalid user hankovan from 192.168.2.16 port 52676 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1432]: Failed password for invalid user sapeli from 192.168.2.16 port 52750 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1426]: Failed password for invalid user luculiiik from 192.168.2.16 port 52700 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1430]: Failed password for invalid user sapeli from 192.168.2.16 port 52736 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1428]: Failed password for invalid user sapeli from 192.168.2.16 port 52732 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1431]: Failed password for invalid user sapeli from 192.168.2.16 port 52738 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1427]: Failed password for invalid user sapeli from 192.168.2.16 port 52716 ssh2
May 9 11:30:42 SSHJUMPSRV05 sshd[1432]: Received disconnect from 192.168.2.16 port 52750:11: Bye Bye [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1432]: Disconnected from invalid user sapeli 192.168.2.16 port 52750 [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1430]: Received disconnect from 192.168.2.16 port 52736:11: Bye Bye [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1430]: Disconnected from invalid user sapeli 192.168.2.16 port 52736 [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1431]: Received disconnect from 192.168.2.16 port 52738:11: Bye Bye [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1431]: Disconnected from invalid user sapeli 192.168.2.16 port 52738 [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1428]: Received disconnect from 192.168.2.16 port 52732:11: Bye Bye [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1428]: Disconnected from invalid user sapeli 192.168.2.16 port 52732 [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1427]: Received disconnect from 192.168.2.16 port 52716:11: Bye Bye [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1427]: Disconnected from invalid user sapeli 192.168.2.16 port 52716 [preauth]
May 9 11:30:42 SSHJUMPSRV05 sshd[1446]: Invalid user sury58 from 192.168.2.16 port 52792
May 9 11:30:42 SSHJUMPSRV05 sshd[1448]: Invalid user sury58 from 192.168.2.16 port 52806
May 9 11:30:42 SSHJUMPSRV05 sshd[1446]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:42 SSHJUMPSRV05 sshd[1446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:42 SSHJUMPSRV05 sshd[1448]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:42 SSHJUMPSRV05 sshd[1448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:42 SSHJUMPSRV05 sshd[1450]: Invalid user zinomaster from 192.168.2.16 port 52820
May 9 11:30:42 SSHJUMPSRV05 sshd[1450]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:42 SSHJUMPSRV05 sshd[1450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:42 SSHJUMPSRV05 sshd[1449]: Invalid user zinomaster from 192.168.2.16 port 52810
May 9 11:30:42 SSHJUMPSRV05 sshd[1451]: Invalid user zinomaster from 192.168.2.16 port 52828
May 9 11:30:42 SSHJUMPSRV05 sshd[1449]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:42 SSHJUMPSRV05 sshd[1449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:42 SSHJUMPSRV05 sshd[1451]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:42 SSHJUMPSRV05 sshd[1451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:43 SSHJUMPSRV05 sshd[1438]: Failed password for invalid user sapeli from 192.168.2.16 port 52760 ssh2
May 9 11:30:43 SSHJUMPSRV05 sshd[1440]: Failed password for invalid user sury58 from 192.168.2.16 port 52782 ssh2
May 9 11:30:43 SSHJUMPSRV05 sshd[1439]: Failed password for invalid user sury58 from 192.168.2.16 port 52766 ssh2
May 9 11:30:43 SSHJUMPSRV05 sshd[1443]: Failed password for invalid user sury58 from 192.168.2.16 port 52786 ssh2
May 9 11:30:43 SSHJUMPSRV05 sshd[1438]: Received disconnect from 192.168.2.16 port 52760:11: Bye Bye [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1438]: Disconnected from invalid user sapeli 192.168.2.16 port 52760 [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1456]: Invalid user zinomaster from 192.168.2.16 port 52838
May 9 11:30:43 SSHJUMPSRV05 sshd[1456]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:43 SSHJUMPSRV05 sshd[1456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:43 SSHJUMPSRV05 sshd[1418]: Received disconnect from 192.168.2.16 port 52648:11: Bye Bye [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1418]: Disconnected from invalid user hankovan 192.168.2.16 port 52648 [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1420]: Received disconnect from 192.168.2.16 port 52656:11: Bye Bye [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1420]: Disconnected from invalid user hankovan 192.168.2.16 port 52656 [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1426]: Received disconnect from 192.168.2.16 port 52700:11: Bye Bye [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1426]: Disconnected from invalid user luculiiik 192.168.2.16 port 52700 [preauth]
May 9 11:30:43 SSHJUMPSRV05 sshd[1458]: Invalid user mahonitop from 192.168.2.16 port 52844
May 9 11:30:44 SSHJUMPSRV05 sshd[1458]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:44 SSHJUMPSRV05 sshd[1458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:44 SSHJUMPSRV05 sshd[1421]: Received disconnect from 192.168.2.16 port 52672:11: Bye Bye [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1421]: Disconnected from invalid user hankovan 192.168.2.16 port 52672 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1422]: Received disconnect from 192.168.2.16 port 52676:11: Bye Bye [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1422]: Disconnected from invalid user hankovan 192.168.2.16 port 52676 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1460]: Invalid user mahonitop from 192.168.2.16 port 52860
May 9 11:30:44 SSHJUMPSRV05 sshd[1460]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:44 SSHJUMPSRV05 sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:44 SSHJUMPSRV05 sshd[1462]: Invalid user mahonitop from 192.168.2.16 port 52864
May 9 11:30:44 SSHJUMPSRV05 sshd[1462]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:44 SSHJUMPSRV05 sshd[1462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:44 SSHJUMPSRV05 sshd[1464]: Invalid user mahonitop from 192.168.2.16 port 52866
May 9 11:30:44 SSHJUMPSRV05 sshd[1464]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:44 SSHJUMPSRV05 sshd[1464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:44 SSHJUMPSRV05 sshd[1466]: Invalid user papak79 from 192.168.2.16 port 52890
May 9 11:30:44 SSHJUMPSRV05 sshd[1466]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:30:44 SSHJUMPSRV05 sshd[1466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.16
May 9 11:30:44 SSHJUMPSRV05 sshd[1446]: Failed password for invalid user sury58 from 192.168.2.16 port 52792 ssh2
May 9 11:30:44 SSHJUMPSRV05 sshd[1449]: Failed password for invalid user zinomaster from 192.168.2.16 port 52810 ssh2
May 9 11:30:44 SSHJUMPSRV05 sshd[1451]: Failed password for invalid user zinomaster from 192.168.2.16 port 52828 ssh2
May 9 11:30:44 SSHJUMPSRV05 sshd[1450]: Failed password for invalid user zinomaster from 192.168.2.16 port 52820 ssh2
May 9 11:30:44 SSHJUMPSRV05 sshd[1448]: Failed password for invalid user sury58 from 192.168.2.16 port 52806 ssh2
May 9 11:30:44 SSHJUMPSRV05 sshd[1450]: Connection closed by invalid user zinomaster 192.168.2.16 port 52820 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1449]: Connection closed by invalid user zinomaster 192.168.2.16 port 52810 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1451]: Connection closed by invalid user zinomaster 192.168.2.16 port 52828 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1440]: Connection closed by invalid user sury58 192.168.2.16 port 52782 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1439]: Connection closed by invalid user sury58 192.168.2.16 port 52766 [preauth]
May 9 11:30:44 SSHJUMPSRV05 sshd[1443]: Connection closed by invalid user sury58 192.168.2.16 port 52786 [preauth]
May 9 11:30:45 SSHJUMPSRV05 sshd[1456]: Failed password for invalid user zinomaster from 192.168.2.16 port 52838 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1460]: Failed password for invalid user mahonitop from 192.168.2.16 port 52860 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1462]: Failed password for invalid user mahonitop from 192.168.2.16 port 52864 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1464]: Failed password for invalid user mahonitop from 192.168.2.16 port 52866 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1458]: Failed password for invalid user mahonitop from 192.168.2.16 port 52844 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1458]: Connection closed by invalid user mahonitop 192.168.2.16 port 52844 [preauth]
May 9 11:30:46 SSHJUMPSRV05 sshd[1460]: Connection closed by invalid user mahonitop 192.168.2.16 port 52860 [preauth]
May 9 11:30:46 SSHJUMPSRV05 sshd[1462]: Connection closed by invalid user mahonitop 192.168.2.16 port 52864 [preauth]
May 9 11:30:46 SSHJUMPSRV05 sshd[1464]: Connection closed by invalid user mahonitop 192.168.2.16 port 52866 [preauth]
May 9 11:30:46 SSHJUMPSRV05 sshd[1466]: Failed password for invalid user papak79 from 192.168.2.16 port 52890 ssh2
May 9 11:30:46 SSHJUMPSRV05 sshd[1446]: Connection closed by invalid user sury58 192.168.2.16 port 52792 [preauth]
May 9 11:30:46 SSHJUMPSRV05 sshd[1448]: Connection closed by invalid user sury58 192.168.2.16 port 52806 [preauth]
May 9 11:30:47 SSHJUMPSRV05 sshd[1456]: Connection closed by invalid user zinomaster 192.168.2.16 port 52838 [preauth]
May 9 11:30:47 SSHJUMPSRV05 sshd[1466]: Connection closed by invalid user papak79 192.168.2.16 port 52890 [preauth]
May 9 11:39:30 SSHJUMPSRV05 sshd[687]: exited MaxStartups throttling after 00:08:53, 8 connections dropped
May 9 11:39:30 SSHJUMPSRV05 sshd[1473]: Invalid user facin from 192.168.2.17 port 59700
May 9 11:39:30 SSHJUMPSRV05 sshd[1473]: Received disconnect from 192.168.2.17 port 59700:11: Bye Bye [preauth]
May 9 11:39:30 SSHJUMPSRV05 sshd[1473]: Disconnected from invalid user facin 192.168.2.17 port 59700 [preauth]
May 9 11:39:30 SSHJUMPSRV05 sshd[687]: error: beginning MaxStartups throttling
May 9 11:39:30 SSHJUMPSRV05 sshd[687]: drop connection #13 from [192.168.2.17]:59850 on [192.168.2.13]:22 past MaxStartups
May 9 11:39:30 SSHJUMPSRV05 sshd[1475]: Invalid user facin from 192.168.2.17 port 59706
May 9 11:39:30 SSHJUMPSRV05 sshd[1475]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1486]: Invalid user Kaffu from 192.168.2.17 port 59832
May 9 11:39:30 SSHJUMPSRV05 sshd[1480]: Invalid user Kaffu from 192.168.2.17 port 59774
May 9 11:39:30 SSHJUMPSRV05 sshd[1481]: Invalid user Kaffu from 192.168.2.17 port 59790
May 9 11:39:30 SSHJUMPSRV05 sshd[1485]: Invalid user Kaffu from 192.168.2.17 port 59822
May 9 11:39:30 SSHJUMPSRV05 sshd[1480]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1479]: Invalid user Janka20 from 192.168.2.17 port 59758
May 9 11:39:30 SSHJUMPSRV05 sshd[1486]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1478]: Invalid user facin from 192.168.2.17 port 59742
May 9 11:39:30 SSHJUMPSRV05 sshd[1483]: Invalid user aX1s from 192.168.2.17 port 59810
May 9 11:39:30 SSHJUMPSRV05 sshd[1485]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1481]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1477]: Invalid user facin from 192.168.2.17 port 59728
May 9 11:39:30 SSHJUMPSRV05 sshd[1484]: Invalid user Janka20 from 192.168.2.17 port 59816
May 9 11:39:30 SSHJUMPSRV05 sshd[1476]: Invalid user facin from 192.168.2.17 port 59714
May 9 11:39:30 SSHJUMPSRV05 sshd[1489]: Invalid user Janka20 from 192.168.2.17 port 59830
May 9 11:39:30 SSHJUMPSRV05 sshd[1478]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1477]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1476]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1488]: Invalid user aX1s from 192.168.2.17 port 59860
May 9 11:39:30 SSHJUMPSRV05 sshd[1476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:30 SSHJUMPSRV05 sshd[1482]: Invalid user aX1s from 192.168.2.17 port 59806
May 9 11:39:30 SSHJUMPSRV05 sshd[1484]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1489]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:30 SSHJUMPSRV05 sshd[1489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:31 SSHJUMPSRV05 sshd[1483]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:31 SSHJUMPSRV05 sshd[1483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:31 SSHJUMPSRV05 sshd[1488]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:31 SSHJUMPSRV05 sshd[1488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:31 SSHJUMPSRV05 sshd[1484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:31 SSHJUMPSRV05 sshd[1487]: Invalid user Janka20 from 192.168.2.17 port 59844
May 9 11:39:31 SSHJUMPSRV05 sshd[1487]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:31 SSHJUMPSRV05 sshd[1487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:31 SSHJUMPSRV05 sshd[1482]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:31 SSHJUMPSRV05 sshd[1482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:32 SSHJUMPSRV05 sshd[1475]: Failed password for invalid user facin from 192.168.2.17 port 59706 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1480]: Failed password for invalid user Kaffu from 192.168.2.17 port 59774 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1486]: Failed password for invalid user Kaffu from 192.168.2.17 port 59832 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1479]: Failed password for invalid user Janka20 from 192.168.2.17 port 59758 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1485]: Failed password for invalid user Kaffu from 192.168.2.17 port 59822 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1481]: Failed password for invalid user Kaffu from 192.168.2.17 port 59790 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1477]: Failed password for invalid user facin from 192.168.2.17 port 59728 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1478]: Failed password for invalid user facin from 192.168.2.17 port 59742 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1476]: Failed password for invalid user facin from 192.168.2.17 port 59714 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1478]: Received disconnect from 192.168.2.17 port 59742:11: Bye Bye [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1478]: Disconnected from invalid user facin 192.168.2.17 port 59742 [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1477]: Received disconnect from 192.168.2.17 port 59728:11: Bye Bye [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1477]: Disconnected from invalid user facin 192.168.2.17 port 59728 [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1489]: Failed password for invalid user Janka20 from 192.168.2.17 port 59830 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1476]: Received disconnect from 192.168.2.17 port 59714:11: Bye Bye [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1476]: Disconnected from invalid user facin 192.168.2.17 port 59714 [preauth]
May 9 11:39:32 SSHJUMPSRV05 sshd[1483]: Failed password for invalid user aX1s from 192.168.2.17 port 59810 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1488]: Failed password for invalid user aX1s from 192.168.2.17 port 59860 ssh2
May 9 11:39:32 SSHJUMPSRV05 sshd[1484]: Failed password for invalid user Janka20 from 192.168.2.17 port 59816 ssh2
May 9 11:39:33 SSHJUMPSRV05 sshd[1506]: Invalid user M4verick36 from 192.168.2.17 port 59882
May 9 11:39:33 SSHJUMPSRV05 sshd[1506]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1505]: Invalid user M4verick36 from 192.168.2.17 port 59866
May 9 11:39:33 SSHJUMPSRV05 sshd[1505]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1480]: Received disconnect from 192.168.2.17 port 59774:11: Bye Bye [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1480]: Disconnected from invalid user Kaffu 192.168.2.17 port 59774 [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1481]: Received disconnect from 192.168.2.17 port 59790:11: Bye Bye [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1481]: Disconnected from invalid user Kaffu 192.168.2.17 port 59790 [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1487]: Failed password for invalid user Janka20 from 192.168.2.17 port 59844 ssh2
May 9 11:39:33 SSHJUMPSRV05 sshd[1486]: Received disconnect from 192.168.2.17 port 59832:11: Bye Bye [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1482]: Failed password for invalid user aX1s from 192.168.2.17 port 59806 ssh2
May 9 11:39:33 SSHJUMPSRV05 sshd[1486]: Disconnected from invalid user Kaffu 192.168.2.17 port 59832 [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1485]: Received disconnect from 192.168.2.17 port 59822:11: Bye Bye [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1485]: Disconnected from invalid user Kaffu 192.168.2.17 port 59822 [preauth]
May 9 11:39:33 SSHJUMPSRV05 sshd[1509]: Invalid user M4verick36 from 192.168.2.17 port 59896
May 9 11:39:33 SSHJUMPSRV05 sshd[1509]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1510]: Invalid user hanysekcv from 192.168.2.17 port 59908
May 9 11:39:33 SSHJUMPSRV05 sshd[1510]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1512]: Invalid user hanysekcv from 192.168.2.17 port 59940
May 9 11:39:33 SSHJUMPSRV05 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1515]: Invalid user hanysekcv from 192.168.2.17 port 59952
May 9 11:39:33 SSHJUMPSRV05 sshd[1516]: Invalid user hanysekcv from 192.168.2.17 port 59960
May 9 11:39:33 SSHJUMPSRV05 sshd[1515]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:33 SSHJUMPSRV05 sshd[1516]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:33 SSHJUMPSRV05 sshd[1516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1479]: Received disconnect from 192.168.2.17 port 59758:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1479]: Disconnected from invalid user Janka20 192.168.2.17 port 59758 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1484]: Received disconnect from 192.168.2.17 port 59816:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1484]: Disconnected from invalid user Janka20 192.168.2.17 port 59816 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1489]: Received disconnect from 192.168.2.17 port 59830:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1489]: Disconnected from invalid user Janka20 192.168.2.17 port 59830 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1487]: Received disconnect from 192.168.2.17 port 59844:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1487]: Disconnected from invalid user Janka20 192.168.2.17 port 59844 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1519]: Invalid user hanysekcv from 192.168.2.17 port 59970
May 9 11:39:34 SSHJUMPSRV05 sshd[1488]: Received disconnect from 192.168.2.17 port 59860:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1521]: Invalid user 5jony1 from 192.168.2.17 port 59998
May 9 11:39:34 SSHJUMPSRV05 sshd[1488]: Disconnected from invalid user aX1s 192.168.2.17 port 59860 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1519]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1483]: Received disconnect from 192.168.2.17 port 59810:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1483]: Disconnected from invalid user aX1s 192.168.2.17 port 59810 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1521]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1482]: Received disconnect from 192.168.2.17 port 59806:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1482]: Disconnected from invalid user aX1s 192.168.2.17 port 59806 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1523]: Invalid user 5jony1 from 192.168.2.17 port 60008
May 9 11:39:34 SSHJUMPSRV05 sshd[1523]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1525]: Invalid user 5jony1 from 192.168.2.17 port 60040
May 9 11:39:34 SSHJUMPSRV05 sshd[1526]: Invalid user dumada from 192.168.2.17 port 60062
May 9 11:39:34 SSHJUMPSRV05 sshd[1527]: Invalid user dumada from 192.168.2.17 port 60074
May 9 11:39:34 SSHJUMPSRV05 sshd[1526]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1525]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1527]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1475]: Received disconnect from 192.168.2.17 port 59706:11: Bye Bye [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1475]: Disconnected from invalid user facin 192.168.2.17 port 59706 [preauth]
May 9 11:39:34 SSHJUMPSRV05 sshd[1531]: Invalid user dumada from 192.168.2.17 port 60080
May 9 11:39:34 SSHJUMPSRV05 sshd[1531]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:34 SSHJUMPSRV05 sshd[1532]: Invalid user dumada from 192.168.2.17 port 60088
May 9 11:39:34 SSHJUMPSRV05 sshd[1532]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:34 SSHJUMPSRV05 sshd[1532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:35 SSHJUMPSRV05 sshd[1506]: Failed password for invalid user M4verick36 from 192.168.2.17 port 59882 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1506]: Received disconnect from 192.168.2.17 port 59882:11: Bye Bye [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1505]: Failed password for invalid user M4verick36 from 192.168.2.17 port 59866 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1506]: Disconnected from invalid user M4verick36 192.168.2.17 port 59882 [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1505]: Received disconnect from 192.168.2.17 port 59866:11: Bye Bye [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1505]: Disconnected from invalid user M4verick36 192.168.2.17 port 59866 [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1535]: Invalid user dumada from 192.168.2.17 port 60104
May 9 11:39:35 SSHJUMPSRV05 sshd[1535]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:35 SSHJUMPSRV05 sshd[1535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:35 SSHJUMPSRV05 sshd[1509]: Failed password for invalid user M4verick36 from 192.168.2.17 port 59896 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1510]: Failed password for invalid user hanysekcv from 192.168.2.17 port 59908 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1509]: Received disconnect from 192.168.2.17 port 59896:11: Bye Bye [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1509]: Disconnected from invalid user M4verick36 192.168.2.17 port 59896 [preauth]
May 9 11:39:35 SSHJUMPSRV05 sshd[1512]: Failed password for invalid user hanysekcv from 192.168.2.17 port 59940 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1538]: Invalid user fufino37 from 192.168.2.17 port 60120
May 9 11:39:35 SSHJUMPSRV05 sshd[1538]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:35 SSHJUMPSRV05 sshd[1538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:35 SSHJUMPSRV05 sshd[1515]: Failed password for invalid user hanysekcv from 192.168.2.17 port 59952 ssh2
May 9 11:39:35 SSHJUMPSRV05 sshd[1516]: Failed password for invalid user hanysekcv from 192.168.2.17 port 59960 ssh2
May 9 11:39:36 SSHJUMPSRV05 sshd[1540]: Invalid user fufino37 from 192.168.2.17 port 60150
May 9 11:39:36 SSHJUMPSRV05 sshd[1540]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:36 SSHJUMPSRV05 sshd[1540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:36 SSHJUMPSRV05 sshd[1510]: Received disconnect from 192.168.2.17 port 59908:11: Bye Bye [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1510]: Disconnected from invalid user hanysekcv 192.168.2.17 port 59908 [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1512]: Received disconnect from 192.168.2.17 port 59940:11: Bye Bye [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1512]: Disconnected from invalid user hanysekcv 192.168.2.17 port 59940 [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1542]: Invalid user fufino37 from 192.168.2.17 port 60160
May 9 11:39:36 SSHJUMPSRV05 sshd[1542]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:36 SSHJUMPSRV05 sshd[1542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:36 SSHJUMPSRV05 sshd[1544]: Invalid user fufino37 from 192.168.2.17 port 60164
May 9 11:39:36 SSHJUMPSRV05 sshd[1544]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:36 SSHJUMPSRV05 sshd[1544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:36 SSHJUMPSRV05 sshd[1519]: Failed password for invalid user hanysekcv from 192.168.2.17 port 59970 ssh2
May 9 11:39:36 SSHJUMPSRV05 sshd[1515]: Received disconnect from 192.168.2.17 port 59952:11: Bye Bye [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1515]: Disconnected from invalid user hanysekcv 192.168.2.17 port 59952 [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1521]: Failed password for invalid user 5jony1 from 192.168.2.17 port 59998 ssh2
May 9 11:39:36 SSHJUMPSRV05 sshd[1516]: Received disconnect from 192.168.2.17 port 59960:11: Bye Bye [preauth]
May 9 11:39:36 SSHJUMPSRV05 sshd[1516]: Disconnected from invalid user hanysekcv 192.168.2.17 port 59960 [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1523]: Failed password for invalid user 5jony1 from 192.168.2.17 port 60008 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1546]: Invalid user sulcm12 from 192.168.2.17 port 60172
May 9 11:39:37 SSHJUMPSRV05 sshd[1547]: Invalid user sulcm12 from 192.168.2.17 port 60176
May 9 11:39:37 SSHJUMPSRV05 sshd[1547]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1546]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1526]: Failed password for invalid user dumada from 192.168.2.17 port 60062 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1525]: Failed password for invalid user 5jony1 from 192.168.2.17 port 60040 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1527]: Failed password for invalid user dumada from 192.168.2.17 port 60074 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1531]: Failed password for invalid user dumada from 192.168.2.17 port 60080 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1532]: Failed password for invalid user dumada from 192.168.2.17 port 60088 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1527]: Received disconnect from 192.168.2.17 port 60074:11: Bye Bye [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1527]: Disconnected from invalid user dumada 192.168.2.17 port 60074 [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1526]: Received disconnect from 192.168.2.17 port 60062:11: Bye Bye [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1526]: Disconnected from invalid user dumada 192.168.2.17 port 60062 [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1531]: Received disconnect from 192.168.2.17 port 60080:11: Bye Bye [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1531]: Disconnected from invalid user dumada 192.168.2.17 port 60080 [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1550]: Invalid user sulcm12 from 192.168.2.17 port 60192
May 9 11:39:37 SSHJUMPSRV05 sshd[1532]: Received disconnect from 192.168.2.17 port 60088:11: Bye Bye [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1532]: Disconnected from invalid user dumada 192.168.2.17 port 60088 [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1550]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1535]: Failed password for invalid user dumada from 192.168.2.17 port 60104 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1552]: Invalid user ivan250188 from 192.168.2.17 port 60194
May 9 11:39:37 SSHJUMPSRV05 sshd[1552]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1553]: Invalid user ivan250188 from 192.168.2.17 port 60198
May 9 11:39:37 SSHJUMPSRV05 sshd[1553]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1555]: Invalid user ivan250188 from 192.168.2.17 port 60206
May 9 11:39:37 SSHJUMPSRV05 sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:37 SSHJUMPSRV05 sshd[1555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:37 SSHJUMPSRV05 sshd[1538]: Failed password for invalid user fufino37 from 192.168.2.17 port 60120 ssh2
May 9 11:39:37 SSHJUMPSRV05 sshd[1519]: Received disconnect from 192.168.2.17 port 59970:11: Bye Bye [preauth]
May 9 11:39:37 SSHJUMPSRV05 sshd[1519]: Disconnected from invalid user hanysekcv 192.168.2.17 port 59970 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1521]: Received disconnect from 192.168.2.17 port 59998:11: Bye Bye [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1521]: Disconnected from invalid user 5jony1 192.168.2.17 port 59998 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1523]: Received disconnect from 192.168.2.17 port 60008:11: Bye Bye [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1523]: Disconnected from invalid user 5jony1 192.168.2.17 port 60008 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1535]: Connection closed by invalid user dumada 192.168.2.17 port 60104 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1525]: Connection closed by invalid user 5jony1 192.168.2.17 port 60040 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1559]: Invalid user ivan250188 from 192.168.2.17 port 60232
May 9 11:39:38 SSHJUMPSRV05 sshd[1559]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:38 SSHJUMPSRV05 sshd[1558]: Invalid user ivan250188 from 192.168.2.17 port 60224
May 9 11:39:38 SSHJUMPSRV05 sshd[1559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:38 SSHJUMPSRV05 sshd[1558]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:39:38 SSHJUMPSRV05 sshd[1558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.17
May 9 11:39:38 SSHJUMPSRV05 sshd[1540]: Failed password for invalid user fufino37 from 192.168.2.17 port 60150 ssh2
May 9 11:39:38 SSHJUMPSRV05 sshd[1538]: Connection closed by invalid user fufino37 192.168.2.17 port 60120 [preauth]
May 9 11:39:38 SSHJUMPSRV05 sshd[1546]: Failed password for invalid user sulcm12 from 192.168.2.17 port 60172 ssh2
May 9 11:39:38 SSHJUMPSRV05 sshd[1547]: Failed password for invalid user sulcm12 from 192.168.2.17 port 60176 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1542]: Failed password for invalid user fufino37 from 192.168.2.17 port 60160 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1544]: Failed password for invalid user fufino37 from 192.168.2.17 port 60164 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1540]: Connection closed by invalid user fufino37 192.168.2.17 port 60150 [preauth]
May 9 11:39:39 SSHJUMPSRV05 sshd[1550]: Failed password for invalid user sulcm12 from 192.168.2.17 port 60192 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1552]: Failed password for invalid user ivan250188 from 192.168.2.17 port 60194 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1553]: Failed password for invalid user ivan250188 from 192.168.2.17 port 60198 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1555]: Failed password for invalid user ivan250188 from 192.168.2.17 port 60206 ssh2
May 9 11:39:39 SSHJUMPSRV05 sshd[1542]: Connection closed by invalid user fufino37 192.168.2.17 port 60160 [preauth]
May 9 11:39:39 SSHJUMPSRV05 sshd[1544]: Connection closed by invalid user fufino37 192.168.2.17 port 60164 [preauth]
May 9 11:39:39 SSHJUMPSRV05 sshd[1559]: Failed password for invalid user ivan250188 from 192.168.2.17 port 60232 ssh2
May 9 11:39:40 SSHJUMPSRV05 sshd[1558]: Failed password for invalid user ivan250188 from 192.168.2.17 port 60224 ssh2
May 9 11:39:40 SSHJUMPSRV05 sshd[1559]: Connection closed by invalid user ivan250188 192.168.2.17 port 60232 [preauth]
May 9 11:39:40 SSHJUMPSRV05 sshd[1558]: Connection closed by invalid user ivan250188 192.168.2.17 port 60224 [preauth]
May 9 11:39:40 SSHJUMPSRV05 sshd[1546]: Connection closed by invalid user sulcm12 192.168.2.17 port 60172 [preauth]
May 9 11:39:40 SSHJUMPSRV05 sshd[1547]: Connection closed by invalid user sulcm12 192.168.2.17 port 60176 [preauth]
May 9 11:39:40 SSHJUMPSRV05 sshd[1550]: Connection closed by invalid user sulcm12 192.168.2.17 port 60192 [preauth]
May 9 11:39:41 SSHJUMPSRV05 sshd[1552]: Connection closed by invalid user ivan250188 192.168.2.17 port 60194 [preauth]
May 9 11:39:41 SSHJUMPSRV05 sshd[1553]: Connection closed by invalid user ivan250188 192.168.2.17 port 60198 [preauth]
May 9 11:39:41 SSHJUMPSRV05 sshd[1555]: Connection closed by invalid user ivan250188 192.168.2.17 port 60206 [preauth]
May 9 11:41:58 SSHJUMPSRV05 sshd[687]: exited MaxStartups throttling after 00:02:28, 16 connections dropped
May 9 11:41:59 SSHJUMPSRV05 sshd[1563]: Received disconnect from 192.168.2.18 port 45586:11: Bye Bye [preauth]
May 9 11:41:59 SSHJUMPSRV05 sshd[1563]: Disconnected from authenticating user Kevin 192.168.2.18 port 45586 [preauth]
May 9 11:41:59 SSHJUMPSRV05 sshd[687]: error: beginning MaxStartups throttling
May 9 11:41:59 SSHJUMPSRV05 sshd[687]: drop connection #10 from [192.168.2.18]:47306 on [192.168.2.13]:22 past MaxStartups
May 9 11:41:59 SSHJUMPSRV05 sshd[1565]: Accepted password for Kevin from 192.168.2.18 port 47214 ssh2
May 9 11:41:59 SSHJUMPSRV05 sshd[1565]: pam_unix(sshd:session): session opened for user Kevin(uid=1000) by (uid=0)
May 9 11:41:59 SSHJUMPSRV05 systemd-logind[664]: New session 3 of user Kevin.
May 9 11:41:59 SSHJUMPSRV05 sshd[1566]: Invalid user Alien35 from 192.168.2.18 port 47216
May 9 11:41:59 SSHJUMPSRV05 sshd[1568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18 user=Kevin
May 9 11:41:59 SSHJUMPSRV05 sshd[1573]: Invalid user onko23 from 192.168.2.18 port 47264
May 9 11:41:59 SSHJUMPSRV05 sshd[1566]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1577]: Invalid user kool from 192.168.2.18 port 47332
May 9 11:41:59 SSHJUMPSRV05 sshd[1578]: Invalid user Alien35 from 192.168.2.18 port 47344
May 9 11:41:59 SSHJUMPSRV05 sshd[1573]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1574]: Invalid user onko23 from 192.168.2.18 port 47278
May 9 11:41:59 SSHJUMPSRV05 sshd[1570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18 user=Kevin
May 9 11:41:59 SSHJUMPSRV05 sshd[1578]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18 user=Kevin
May 9 11:41:59 SSHJUMPSRV05 sshd[1576]: Invalid user onko23 from 192.168.2.18 port 47324
May 9 11:41:59 SSHJUMPSRV05 sshd[1577]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1576]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1574]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1575]: Invalid user onko23 from 192.168.2.18 port 47290
May 9 11:41:59 SSHJUMPSRV05 sshd[1571]: Invalid user Alien35 from 192.168.2.18 port 47248
May 9 11:41:59 SSHJUMPSRV05 sshd[1575]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1571]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:41:59 SSHJUMPSRV05 sshd[1571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:41:59 SSHJUMPSRV05 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18 user=Kevin
May 9 11:41:59 SSHJUMPSRV05 sshd[1591]: Invalid user kool from 192.168.2.18 port 47364
May 9 11:42:00 SSHJUMPSRV05 sshd[1591]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:00 SSHJUMPSRV05 sshd[1591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:00 SSHJUMPSRV05 sshd[1650]: Received disconnect from 192.168.2.18 port 47214:11: Bye Bye
May 9 11:42:00 SSHJUMPSRV05 sshd[1650]: Disconnected from user Kevin 192.168.2.18 port 47214
May 9 11:42:00 SSHJUMPSRV05 sshd[1565]: pam_unix(sshd:session): session closed for user Kevin
May 9 11:42:00 SSHJUMPSRV05 systemd-logind[664]: Session 3 logged out. Waiting for processes to exit.
May 9 11:42:00 SSHJUMPSRV05 systemd-logind[664]: Removed session 3.
May 9 11:42:01 SSHJUMPSRV05 sshd[1566]: Failed password for invalid user Alien35 from 192.168.2.18 port 47216 ssh2
May 9 11:42:01 SSHJUMPSRV05 sshd[1568]: Failed password for Kevin from 192.168.2.18 port 47234 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1573]: Failed password for invalid user onko23 from 192.168.2.18 port 47264 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1578]: Failed password for invalid user Alien35 from 192.168.2.18 port 47344 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1572]: Failed password for Kevin from 192.168.2.18 port 47252 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1577]: Failed password for invalid user kool from 192.168.2.18 port 47332 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1576]: Failed password for invalid user onko23 from 192.168.2.18 port 47324 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1570]: Failed password for Kevin from 192.168.2.18 port 47242 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1574]: Failed password for invalid user onko23 from 192.168.2.18 port 47278 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1575]: Failed password for invalid user onko23 from 192.168.2.18 port 47290 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1571]: Failed password for invalid user Alien35 from 192.168.2.18 port 47248 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1567]: Failed password for Kevin from 192.168.2.18 port 47230 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1566]: Received disconnect from 192.168.2.18 port 47216:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1566]: Disconnected from invalid user Alien35 192.168.2.18 port 47216 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1578]: Received disconnect from 192.168.2.18 port 47344:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1578]: Disconnected from invalid user Alien35 192.168.2.18 port 47344 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1652]: Invalid user kool from 192.168.2.18 port 47368
May 9 11:42:02 SSHJUMPSRV05 sshd[1652]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:02 SSHJUMPSRV05 sshd[1652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:02 SSHJUMPSRV05 sshd[1571]: Received disconnect from 192.168.2.18 port 47248:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1571]: Disconnected from invalid user Alien35 192.168.2.18 port 47248 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1654]: Invalid user jozonm from 192.168.2.18 port 47392
May 9 11:42:02 SSHJUMPSRV05 sshd[1654]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:02 SSHJUMPSRV05 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:02 SSHJUMPSRV05 sshd[1573]: Received disconnect from 192.168.2.18 port 47264:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1573]: Disconnected from invalid user onko23 192.168.2.18 port 47264 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1591]: Failed password for invalid user kool from 192.168.2.18 port 47364 ssh2
May 9 11:42:02 SSHJUMPSRV05 sshd[1577]: Received disconnect from 192.168.2.18 port 47332:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1577]: Disconnected from invalid user kool 192.168.2.18 port 47332 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1574]: Received disconnect from 192.168.2.18 port 47278:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1574]: Disconnected from invalid user onko23 192.168.2.18 port 47278 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1576]: Received disconnect from 192.168.2.18 port 47324:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1576]: Disconnected from invalid user onko23 192.168.2.18 port 47324 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1656]: Invalid user jozonm from 192.168.2.18 port 47404
May 9 11:42:02 SSHJUMPSRV05 sshd[1656]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:02 SSHJUMPSRV05 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:02 SSHJUMPSRV05 sshd[1575]: Received disconnect from 192.168.2.18 port 47290:11: Bye Bye [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1575]: Disconnected from invalid user onko23 192.168.2.18 port 47290 [preauth]
May 9 11:42:02 SSHJUMPSRV05 sshd[1658]: Invalid user jozonm from 192.168.2.18 port 47414
May 9 11:42:02 SSHJUMPSRV05 sshd[1659]: Invalid user jozonm from 192.168.2.18 port 47418
May 9 11:42:02 SSHJUMPSRV05 sshd[1658]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:02 SSHJUMPSRV05 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:02 SSHJUMPSRV05 sshd[1659]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:02 SSHJUMPSRV05 sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:02 SSHJUMPSRV05 sshd[1660]: Invalid user jozonm from 192.168.2.18 port 47434
May 9 11:42:03 SSHJUMPSRV05 sshd[1660]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1665]: Invalid user strasidlo68 from 192.168.2.18 port 47446
May 9 11:42:03 SSHJUMPSRV05 sshd[1665]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1663]: Invalid user jozonm from 192.168.2.18 port 47440
May 9 11:42:03 SSHJUMPSRV05 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1568]: Received disconnect from 192.168.2.18 port 47234:11: Bye Bye [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1568]: Disconnected from authenticating user Kevin 192.168.2.18 port 47234 [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1591]: Received disconnect from 192.168.2.18 port 47364:11: Bye Bye [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1591]: Disconnected from invalid user kool 192.168.2.18 port 47364 [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1570]: Received disconnect from 192.168.2.18 port 47242:11: Bye Bye [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1570]: Disconnected from authenticating user Kevin 192.168.2.18 port 47242 [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1668]: Invalid user strasidlo68 from 192.168.2.18 port 47460
May 9 11:42:03 SSHJUMPSRV05 sshd[1668]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1572]: Received disconnect from 192.168.2.18 port 47252:11: Bye Bye [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1572]: Disconnected from authenticating user Kevin 192.168.2.18 port 47252 [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1670]: Invalid user strasidlo68 from 192.168.2.18 port 47466
May 9 11:42:03 SSHJUMPSRV05 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1672]: Invalid user strasidlo68 from 192.168.2.18 port 47468
May 9 11:42:03 SSHJUMPSRV05 sshd[1672]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1567]: Received disconnect from 192.168.2.18 port 47230:11: Bye Bye [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1567]: Disconnected from authenticating user Kevin 192.168.2.18 port 47230 [preauth]
May 9 11:42:03 SSHJUMPSRV05 sshd[1674]: Invalid user strasidlo68 from 192.168.2.18 port 47478
May 9 11:42:03 SSHJUMPSRV05 sshd[1674]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:03 SSHJUMPSRV05 sshd[1676]: Invalid user dano12113 from 192.168.2.18 port 47496
May 9 11:42:03 SSHJUMPSRV05 sshd[1676]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:03 SSHJUMPSRV05 sshd[1676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:04 SSHJUMPSRV05 sshd[1652]: Failed password for invalid user kool from 192.168.2.18 port 47368 ssh2
May 9 11:42:04 SSHJUMPSRV05 sshd[1665]: Failed password for invalid user strasidlo68 from 192.168.2.18 port 47446 ssh2
May 9 11:42:04 SSHJUMPSRV05 sshd[1663]: Failed password for invalid user jozonm from 192.168.2.18 port 47440 ssh2
May 9 11:42:04 SSHJUMPSRV05 sshd[1665]: Received disconnect from 192.168.2.18 port 47446:11: Bye Bye [preauth]
May 9 11:42:04 SSHJUMPSRV05 sshd[1665]: Disconnected from invalid user strasidlo68 192.168.2.18 port 47446 [preauth]
May 9 11:42:04 SSHJUMPSRV05 sshd[1654]: Failed password for invalid user jozonm from 192.168.2.18 port 47392 ssh2
May 9 11:42:04 SSHJUMPSRV05 sshd[1656]: Failed password for invalid user jozonm from 192.168.2.18 port 47404 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1668]: Failed password for invalid user strasidlo68 from 192.168.2.18 port 47460 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1678]: Invalid user dano12113 from 192.168.2.18 port 47518
May 9 11:42:05 SSHJUMPSRV05 sshd[1678]: pam_unix(sshd:auth): check pass; user unknown
May 9 11:42:05 SSHJUMPSRV05 sshd[1678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.18
May 9 11:42:05 SSHJUMPSRV05 sshd[1658]: Failed password for invalid user jozonm from 192.168.2.18 port 47414 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1659]: Failed password for invalid user jozonm from 192.168.2.18 port 47418 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1670]: Failed password for invalid user strasidlo68 from 192.168.2.18 port 47466 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1660]: Failed password for invalid user jozonm from 192.168.2.18 port 47434 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1672]: Failed password for invalid user strasidlo68 from 192.168.2.18 port 47468 ssh2
May 9 11:42:05 SSHJUMPSRV05 sshd[1663]: Received disconnect from 192.168.2.18 port 47440:11: Bye Bye [preauth]
May 9 11:42:05 SSHJUMPSRV05 sshd[1663]: Disconnected from invalid user jozonm 192.168.2.18 port 47440 [pr
gitextract_1xx4zayr/ ├── 01-Logs/ │ └── MasterParser-Example-auth.log ├── 02-LogModules/ │ └── Auth.Log/ │ ├── 01-LogCopy/ │ │ └── CreateLogCopy.ps1 │ ├── 02-TimePatch/ │ │ └── 01-TimePatch.ps1 │ ├── 03-Features/ │ │ ├── 01-file_summary_report.ps1 │ │ ├── 02-event_name_table.ps1 │ │ ├── 03-ip_address_table.ps1 │ │ ├── 04-regex_search_engine.ps1 │ │ ├── 05-system_login_calculation.ps1 │ │ ├── 06-ssh_login_calculation.ps1 │ │ ├── 07-ssh_brute_force_detector.ps1 │ │ ├── 08-ftp_brute_force_detector.ps1 │ │ └── 09-final_output.ps1 │ └── Auth.Log.ps1 ├── 03-Options/ │ ├── 00-Banner.ps1 │ ├── 01-Update.ps1 │ ├── 02-auto_update_check.ps1 │ ├── 03-Menu.ps1 │ ├── 04-Purge.ps1 │ └── 05-functions.ps1 ├── LICENSE ├── MasterParser Training/ │ └── 02 - Exercises and Scenarios to investigate/ │ ├── 01 - FTP Brute-Force Attack/ │ │ └── Auth.Log FTP Brute-Force Attack │ ├── 02 - The Disgruntled Employee/ │ │ └── Auth.Log The Disgruntled Employee.txt │ ├── 03 - Why The Server is Unavailable/ │ │ └── Auth.Log Why The Server is Unavailable │ └── 04 - Reconnaissance Activity/ │ └── Auth.Log Reconnaissance Activity ├── MasterParser.ps1 └── README.md
Condensed preview — 26 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (238K chars).
[
{
"path": "01-Logs/MasterParser-Example-auth.log",
"chars": 20495,
"preview": "Dec 10 00:17:01 eilay-desktop CRON[75966]: pam_unix(cron:session): session opened for user root by (uid=0)\n# # # # Examp"
},
{
"path": "02-LogModules/Auth.Log/01-LogCopy/CreateLogCopy.ps1",
"chars": 944,
"preview": "# get the location of where the script was executed from.\n$ScriptLocationPath = $RunningPath\n\n# get the location of the "
},
{
"path": "02-LogModules/Auth.Log/02-TimePatch/01-TimePatch.ps1",
"chars": 1673,
"preview": "# get the location of where the script was executed from.\n$ScriptLocationPath = $RunningPath\n\n# get the location of the"
},
{
"path": "02-LogModules/Auth.Log/03-Features/01-file_summary_report.ps1",
"chars": 2037,
"preview": "# start time\nif ($Mode -eq \"Developer\") {\n$file_summary_report_start_time = start_time\n}\n\n# starting variables\n#region\n"
},
{
"path": "02-LogModules/Auth.Log/03-Features/02-event_name_table.ps1",
"chars": 1235,
"preview": "# start time\nif ($Mode -eq \"Developer\") {\n$event_name_table_start_time = start_time\n}\n\n# Hashtable to store the 5th word"
},
{
"path": "02-LogModules/Auth.Log/03-Features/03-ip_address_table.ps1",
"chars": 1601,
"preview": "# start time\nif ($Mode -eq \"Developer\") {\n$ip_address_table_start_time = start_time\n}\n\n# Hashtable to store the cleaned"
},
{
"path": "02-LogModules/Auth.Log/03-Features/04-regex_search_engine.ps1",
"chars": 4795,
"preview": "# start time\nif ($Mode -eq \"Developer\") {\n$regex_search_engine_start_time = start_time\n}\n\n# regex search engine\n#region\n"
},
{
"path": "02-LogModules/Auth.Log/03-Features/05-system_login_calculation.ps1",
"chars": 3086,
"preview": "if ($main[\"user_login\"].Count -ge 1 -and $main[\"user_logout\"].Count -ge 1) {\n\n # login hashtable\n $login_hashtable = @"
},
{
"path": "02-LogModules/Auth.Log/03-Features/06-ssh_login_calculation.ps1",
"chars": 6411,
"preview": "if ($main[\"successful_ssh\"].Count -ge 1 -or $main[\"successful_publickey_ssh\"].Count -ge 1 -and $main[\"ssh_disconnections"
},
{
"path": "02-LogModules/Auth.Log/03-Features/07-ssh_brute_force_detector.ps1",
"chars": 2170,
"preview": "if ($main[\"valid_users_failed_ssh\"] -ge 1 -or $main[\"invalid_users_failed_ssh\"]) {\n\n # merge valid and invalid to 1 ha"
},
{
"path": "02-LogModules/Auth.Log/03-Features/08-ftp_brute_force_detector.ps1",
"chars": 1799,
"preview": "if ($main[\"ftp\"].Count -ge 1) {\n \n $ftp_hashtable = $main[\"ftp\"]\n\n # create IP profiles\n $ip_profiles = @{}\n $us"
},
{
"path": "02-LogModules/Auth.Log/03-Features/09-final_output.ps1",
"chars": 8289,
"preview": "# start time\n#region\n\nif ($Mode -eq \"Developer\") {\n$formatting_function_start_time = start_time\n}\n\n#endregion\n\n# final_"
},
{
"path": "02-LogModules/Auth.Log/Auth.Log.ps1",
"chars": 1642,
"preview": "$auth_log_start_time = start_time\n\n# NotFoundHashTable\n$NotFoundHashTable = @{}\n\n# Dot Sourcing -> 01-TimePatch.ps1\n. \""
},
{
"path": "03-Options/00-Banner.ps1",
"chars": 1220,
"preview": "# Dot Sorcing -> 02-AutoUpdateCheck.ps1\n. \"$RunningPath\\03-Options\\02-auto_update_check.ps1\"\n\n# ParserMaster Banner\nWri"
},
{
"path": "03-Options/01-Update.ps1",
"chars": 4251,
"preview": "# check if there is MasterParser.zip under the $RunningPath, if yes, delete it.\nif (Test-Path -Path $RunningPath\\Master"
},
{
"path": "03-Options/02-auto_update_check.ps1",
"chars": 748,
"preview": "# test conection to GitHub domain\ntry {\n\t$ConnectionStatus = Test-Connection -ComputerName \"GitHub.com\" -Count 1 -Error"
},
{
"path": "03-Options/03-Menu.ps1",
"chars": 1276,
"preview": "Write-Output \"┌> How To Run Example: MasterParser.ps1 -O Start\"\nWrite-Output \"├~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
},
{
"path": "03-Options/04-Purge.ps1",
"chars": 2022,
"preview": "# null flag\n$SuccessFlag = $null\n\n# main title print\nWrite-Output \"MasterParser Removal Process\"\nWrite-Output \"+-------"
},
{
"path": "03-Options/05-functions.ps1",
"chars": 1794,
"preview": "# calculate run time function\n#region\nfunction start_time {\n return Get-Date\n}\n\nfunction stop_time {\n param (\n "
},
{
"path": "LICENSE",
"chars": 1076,
"preview": "MIT License\n\nCopyright (c) 2023 Eilay Yosfan (DFIR)\n\nPermission is hereby granted, free of charge, to any person obtaini"
},
{
"path": "MasterParser Training/02 - Exercises and Scenarios to investigate/01 - FTP Brute-Force Attack/Auth.Log FTP Brute-Force Attack",
"chars": 3892,
"preview": "May 9 12:46:09 UBUSRV01 sshd[709]: Server listening on 0.0.0.0 port 22.\nMay 9 12:46:09 UBUSRV01 sshd[709]: Server list"
},
{
"path": "MasterParser Training/02 - Exercises and Scenarios to investigate/02 - The Disgruntled Employee/Auth.Log The Disgruntled Employee.txt",
"chars": 6314,
"preview": "May 8 12:08:02 UBUSRV01 sshd[703]: Server listening on 0.0.0.0 port 22.\r\nMay 8 12:08:02 UBUSRV01 sshd[703]: Server lis"
},
{
"path": "MasterParser Training/02 - Exercises and Scenarios to investigate/03 - Why The Server is Unavailable/Auth.Log Why The Server is Unavailable",
"chars": 132255,
"preview": "May 9 11:18:48 SSHJUMPSRV05 sshd[687]: Server listening on 0.0.0.0 port 22.\nMay 9 11:18:48 SSHJUMPSRV05 sshd[687]: Ser"
},
{
"path": "MasterParser Training/02 - Exercises and Scenarios to investigate/04 - Reconnaissance Activity/Auth.Log Reconnaissance Activity",
"chars": 7139,
"preview": "May 9 14:03:44 UBUSRV01 sshd[715]: Server listening on 0.0.0.0 port 22.\nMay 9 14:03:44 UBUSRV01 sshd[715]: Server list"
},
{
"path": "MasterParser.ps1",
"chars": 7861,
"preview": "param(\n # Options\n [Parameter(Mandatory = $true)]\n [ValidateSet('Start','Menu','Update','Purge')]\n [string]"
},
{
"path": "README.md",
"chars": 5276,
"preview": "# MasterParser v2.5\n###### Stop wasting time, let MasterParser do the work!\n![MasterParserBanner](https://github.com/Yos"
}
]
About this extraction
This page contains the full source code of the YosfanEilay/AuthLogParser GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 26 files (225.9 KB), approximately 86.2k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.