Prompt

Analyze a custom application login event log to help us understand user behavior.

Walk-Through

This challenge involves analyzing a custom application log format that uses tab-delineated columns. The tab-delineated format is well-suited for the cut tool to extract specific columns from the log. cut can be used combination with several other Linux command line utilities to obtain the answers to the questions.

Questions

Q1. How many total login attempts were made in this log?

cat login.log | wc -l

Get the line count of the log

Q2. How many unique usernames appear in this log?

cat login.log | cut -f 3 | sort | uniq | wc -l

Extract the third field (with the usernames) of the log, sort the usernames, get the unique usernames, and then get a line count of the number of unique usernames

Q3. What is the username with the most login attempts?

cat login.log | cut -f 3 | sort | uniq -c |sort -n

Extract the third field (with the usernames) of the log, sort the usernames, get a frequency count of each unique username, and then sort the unique usernames by frequency

Q4. How many attempts were made for the username with the most login attempts?

Use the same command as the question above

Q5. What is the date with the most login attempts?

cat login.log | cut -f 1 | cut -d " " -f 1 | sort | uniq -c | sort -n

Extract the first field (with the date+time) of the log, extract just the date, sort the dates, get a frequency count of each unique date, and then sort the unique dates by frequency

Q6. What is the username that had logins from the most unique IP addresses?

cat login.log | cut -f 2,3 | sort | uniq | cut -f 2 | sort | uniq -c | sort -n

Extract the second field (with the ip address) and third field (with the username) of the log, sort the ip/username pairs, get the unique ip/username pairs, then extract just the usernames from each pair, sort the usernames, get a frequency count of how many unique pairs each username has, and then sort by frequency

Login