查询ssh方式登录记录之/var/log/secure

查询ssh方式登录记录之/var/log/secure

对应目录:

>/var/log/secure    #ssh方式登录记录储存于此

日志说明:
在这里插入图片描述

查询ssh登录失败的主机信息:
【log信息】:

Jan 19 00:37:05 kVM20209908-0 sshd[12952]: Failed password for user from 11.197.xx.23 port 41412 ssh2
Jan 19 00:37:10 kVM20209908-0 su: pam_unix(su:session): session opened for user root by (uid=0)
Jan 19 00:37:10 kVM20299908-0 su: pam_unix(su:session): session closed for user root

【命令】:

cat /var/log/secure | awk '/^.*(F|f)ailed.*/
Jan 19 00:12:58 kVM20255208-0 sshd[1932]:  Failed password for wb-china from 11.27.09.80 port 27539 ssh2
Jan 19 00:37:05 kVM20255208-0 sshd[12952]: Failed password for wb-china from 11.27.09.80 port 41412 ssh2
过滤出来IP地址:
cat /var/log/secure | awk '/^.*(F|f)ailed.*/'|egrep "from ([0-9]+\.){3}[0-9]+" -o

过滤出来IP地址:

>cat /var/log/secure | awk '/^.*(F|f)ailed.*/'|egrep "from ([0-9]+\.){3}[0-9]+" -o
已标记关键词 清除标记
相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页