Querying SSH login records: /var/log/secure


Corresponding path:

> /var/log/secure    # SSH login records are stored here

Log description:

Query information about hosts with failed SSH logins:
[Log entries]:

Jan 19 00:37:05 kVM20209908-0 sshd[12952]: Failed password for user from 11.197.xx.23 port 41412 ssh2
Jan 19 00:37:10 kVM20209908-0 su: pam_unix(su:session): session opened for user root by (uid=0)
Jan 19 00:37:10 kVM20299908-0 su: pam_unix(su:session): session closed for user root

[Command]:

cat /var/log/secure | awk '/^.*(F|f)ailed.*/'
Jan 19 00:12:58 kVM20255208-0 sshd[1932]:  Failed password for wb-china from 11.27.09.80 port 27539 ssh2
Jan 19 00:37:05 kVM20255208-0 sshd[12952]: Failed password for wb-china from 11.27.09.80 port 41412 ssh2

Filter out the IP addresses:

> cat /var/log/secure | awk '/^.*(F|f)ailed.*/' | egrep "from ([0-9]+\.){3}[0-9]+" -o


Reposted from blog.csdn.net/weixin_43010385/article/details/112922590