Custom-made, luxury planet building.

#hacking

Splunk Log Analysis on SSH attacks

Over the holidays, the Linode infrastructure was attacked. I was testing Splunk at the time. I'd opened SSH in the firewall to capture logs into Splunk. My Linode VPS was under constant attack during this period. Let's analyze the logs of the attack with Splunk!

List of SSH attack usernames

This is a list of all usernames used during a brute-force attack on this server over the holidays. The data was easily generated using Splunk Light.