Skip to content

[Linux] How to list IP who successful & failed login into server by ssh

for failed login attempt, use this

awk '/Failed/ {x[$(NF-3)]++} END {for (i in x){printf "%3d %s\n", x[i], i}}' /var/log/auth.log | sort -nr

and then for the success

awk '/Accepted password/ {x[$(NF-3)]++} END {for (i in x){printf "%3d %s\n", x[i], i}}' /var/log/auth.log | sort -nr

the result for both action will be like this

<number of times> <ip>,  for example

109 122.226.181.xx
 97 122.226.181.xx
 89 115.238.245.xx
 25 112.85.42.xx
 21 54.37.254.xx

 

Comments are closed.