# /var/log/ 目录下 secure 开头的日志文件

# 查看哪些IP破解你SSH密码以及次数
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2" = "$1;}'

# 登录失败的记录
grep -o "Failed password" /var/log/secure|uniq -c

# 登录成功的记录
grep "Accepted " /var/log/secure | awk '{print $1,$2,$3,$9,$11}'