for failed login attempt, use this
awk '/Failed/ {x[$(NF-3)]++} END {for (i in x){printf "%3d %s\n", x[i], i}}' /var/log/auth.log | sort -nr
and then for the success
awk '/Accepted password/ {x[$(NF-3)]++} END {for (i in x){printf "%3d %s\n", x[i], i}}' /var/log/auth.log | sort -nr
the result for both action will be like this
<number of times> <ip>, for example
109 122.226.181.xx 97 122.226.181.xx 89 115.238.245.xx 25 112.85.42.xx 21 54.37.254.xx
Comments are closed.