Check for login activities of last 10 minutes (Actual time) in auth.log file?

Question

I have a cronjob that executes a bash file every 10 min. The bash file contains a Curl command that sends me a sms if var/log/auth.log file contains any lines with "Accepted password for". (obviously the if condition is true every time).
Now i want to add another if condition that checks for string "Accepted password for" ONLY FOR LAST 10 MIN of time.

My problem is, the log file contains the time info like this:

Sep  5 13:49:07 localhost sshd[565]: Server listening on 0.0.0.0 port 22.

Nov 28 21:39:25 soft-server sshd[11946]: Accepted password for myusername from 10.0.2.2 port 13494 ssh2

How can I compare current time with above format and write an IF statement? Currently i'm doing this:

if [ grep -q "Accepted password for" var/log/auth.log] && (check timing for last 10 min)
then
    curl 'www.example.com/send-a-text'
fi

Thank you in advance.

Answer 1

The best way to compare times is to convert them to seconds from epoch, that way you can just treat them as integers. Here's an example:

#! /bin/bash

# time in seconds from epoch 10 minutes ago is the limit
limit="$(date -d '10 minutes ago' +%s)"
# read matches from the file starting from the end up to the limit
while read -r logrow; do
    # cut out the timestamp from the logrow
    timestamp="$(cut -d ' ' -f 1,2,3 <<<"$logrow")"
    # convert timestamp to seconds from epoch
    from_epoch="$(date -d "$timestamp" +%s)"
    # if the line was newer than 10 minutes ago, send a message
    if (( from_epoch > limit )); then
        # send the logrow
        curl "www.example.com/send-a-text?logrow=${logrow}"
    else
        # after reaching the limit, stop the loop
        break
    fi
done < <(tac /var/log/auth.log | grep "Accepted")