Posts tagged graylog2

Generate a simple report of attacks on your servers from Graylog2 data using MapReduce

Whilst setting up centralised logging for one of our client's clusters, it was noticed that there are sometimes a large number of failed login attempts. Rather than manually checking each one, I've written a script using PHP and MongoDB JS MapReduce to aggregate the data and provide a useful report.

The following code will output a CSV report with the columns:

  • Offending IP address
  • Your server's hostname
  • The number of entries which matched

It's not 100% foolproof, but it provides us with a good guide to where to look (or block) first.
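As an added illustration (not the script from this post, and not Graylog2 project code), the map/reduce pair below counts failed logins per (source IP, server hostname) in the way MongoDB's `mapReduce` would, and includes a small in-memory runner so it executes offline in Node. It assumes Graylog2 message documents carry the raw syslog line in a `message` field and the reporting server in a `host` field, that the lines follow the sshd "Failed password ... from <ip>" format, and uses constructed sample documents and IP addresses; `mapFailedLogins`, `reduceCounts`, `runMapReduce`, `buildReport` and `toCsv` are names chosen here.

```javascript
// Added example: count failed logins per (IP, host) with a MongoDB-style
// map/reduce, emulated in memory. ASSUMPTIONS: message docs have `host` and
// `message` fields; sshd "Failed password" log format; sample data is constructed.

// Constructed sample documents shaped like Graylog2 message records.
const sampleMessages = [
  { host: "web1.example.com", message: "Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2" },
  { host: "web1.example.com", message: "Failed password for root from 203.0.113.5 port 51123 ssh2" },
  { host: "web2.example.com", message: "Failed password for invalid user test from 198.51.100.7 port 40000 ssh2" },
  { host: "web1.example.com", message: "Accepted publickey for deploy from 192.0.2.10 port 2222 ssh2" },
  { host: "web2.example.com", message: "Failed password for invalid user admin from 203.0.113.5 port 51124 ssh2" },
];

// MongoDB serialises map/reduce functions and runs them server-side, so the
// regex sits inside map() instead of an outer variable; `this` is the current
// document and emit() is supplied by the environment.
function mapFailedLogins() {
  if (typeof this.message !== "string") return;
  const m = /Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})/.exec(this.message);
  if (m) emit({ ip: m[1], host: this.host }, 1);
}

// reduce() must be associative: MongoDB may re-reduce already reduced values,
// which a plain sum tolerates.
function reduceCounts(key, values) {
  return values.reduce((sum, v) => sum + v, 0);
}

// Stand-in for db.messages.mapReduce(): groups emitted values by key and hands
// each group to reduce(). Returns [{ _id: key, value }] as MongoDB does.
let emitSink = null;
function emit(key, value) { emitSink(key, value); }

function runMapReduce(docs, mapFn, reduceFn) {
  const groups = new Map();
  emitSink = (key, value) => {
    const k = JSON.stringify(key);
    if (!groups.has(k)) groups.set(k, { key, values: [] });
    groups.get(k).values.push(value);
  };
  try {
    for (const doc of docs) mapFn.call(doc);
  } finally {
    emitSink = null;
  }
  return [...groups.values()].map(({ key, values }) => ({ _id: key, value: reduceFn(key, values) }));
}

// Report rows with the busiest (IP, host) pairs first, so the top of the CSV
// is where to look or block first.
function buildReport(docs) {
  return runMapReduce(docs, mapFailedLogins, reduceCounts)
    .map(({ _id, value }) => ({ ip: _id.ip, host: _id.host, count: value }))
    .sort((a, b) => b.count - a.count || a.ip.localeCompare(b.ip) || a.host.localeCompare(b.host));
}

// IPs and hostnames contain no commas, so plain joins are safe here.
function toCsv(rows) {
  const lines = ["ip,hostname,count"];
  for (const r of rows) lines.push(`${r.ip},${r.host},${r.count}`);
  return lines.join("\n");
}

console.log(toCsv(buildReport(sampleMessages)));
```

Against a real Graylog2 deployment the same `mapFailedLogins` and `reduceCounts` functions would be passed to `mapReduce` on the messages collection, with a query restricting the time window so the report is not recomputed over the whole history each run.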

p.s. We also have a slightly modified version which allows checking of a list of IP addresses against successful logins…