查看攻击ip来源

ubuntu查看尝试登录服务器的ip,一般用来查看攻击ip来源:

grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | more




centos查看尝试登录服务器的ip,一般用来查看攻击ip来源:

cat /var/log/secure | awk '/Failed/{print $(NF-3)}'| sort| uniq -c| awk '{print $2"="$1;}'