Querying SSH login records in /var/log/secure
Log file location:
/var/log/secure    # SSH login records are stored here
Log description:
Finding the hosts with failed SSH logins:
[Log sample]:
Jan 19 00:37:05 kVM20209908-0 sshd[12952]: Failed password for user from 11.197.xx.23 port 41412 ssh2
Jan 19 00:37:10 kVM20209908-0 su: pam_unix(su:session): session opened for user root by (uid=0)
Jan 19 00:37:10 kVM20299908-0 su: pam_unix(su:session): session closed for user root
[Command]:
cat /var/log/secure | awk '/^.*(F|f)ailed.*/'
Jan 19 00:12:58 kVM20255208-0 sshd[1932]: Failed password for wb-china from 11.27.09.80 port 27539 ssh2
Jan 19 00:37:05 kVM20255208-0 sshd[12952]: Failed password for wb-china from 11.27.09.80 port 41412 ssh2
Extract the IP addresses:
cat /var/log/secure | awk '/^.*(F|f)ailed.*/'|egrep "from ([0-9]+\.){3}[0-9]+" -o
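An added example (not from the original post) that takes the two commands above one step further: it counts failed password attempts per source IP, restricted to sshd lines and anchored on the end of each record. The function names and the host, users and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source IPv4 address.

# Constructed sample lines (documentation IP ranges, hypothetical host/users).
sample_log() {
    cat <<'EOF'
Jan 19 00:12:58 host1 sshd[1932]: Failed password for alice from 192.0.2.10 port 27539 ssh2
Jan 19 00:37:05 host1 sshd[12952]: Failed password for alice from 192.0.2.10 port 41412 ssh2
Jan 19 00:37:10 host1 su: pam_unix(su:session): session opened for user root by (uid=0)
Jan 19 00:40:01 host1 sshd[13001]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Jan 19 00:41:13 host1 sshd[13040]: Failed password for invalid user from 203.0.113.9 from 192.0.2.10 port 50200 ssh2
Jan 19 00:42:00 host1 sshd[13077]: Accepted password for alice from 192.0.2.55 port 50311 ssh2
Jan 19 00:43:00 host1 sudo: pam_unix(sudo:auth): conversation failed
EOF
}

# Reads the named log file(s), or stdin when none is given.
# Prints "<count> <ip>" lines, most frequent source first.
failed_ssh_by_ip() {
    awk '
        # Keep only sshd "Failed password" records; $5 is the program tag.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            # Anchor on the line tail "from <ip> port <n> ssh2". The user name
            # comes earlier and is chosen by the client, so text inside it that
            # looks like "from 203.0.113.9" is not counted as a source.
            if ($NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" &&
                $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[$(NF-3)]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real host: failed_ssh_by_ip /var/log/secure
sample_log | failed_ssh_by_ip
```

The sudo line contains "failed" and would pass the awk filter above, but it is skipped here because it is not an sshd record.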