List all unique IPs with failed login attempts, with a count per IP
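#######################################
# Count failed-login attempts per source IPv4 address found in the auth log.
# Only digit/dot tokens reach the output, so attacker-controlled fields in a
# log line (e.g. the attempted username) are never echoed back to the terminal.
# Arguments: $1 - log file to scan (default: /var/log/secure)
# Outputs:   one "<count> <ip>" line per address, sorted by address
#            (append "| sort -rn" to rank by count instead)
# Returns:   status of the last pipeline stage
#######################################
failed_login_ips() {
  local log=${1:-/var/log/secure}
  # grep -E replaces the obsolescent egrep; -oE replaces -P because the
  # pattern uses no PCRE-only feature and -E is portable across grep builds.
  grep -E 'Failed|Failure' -- "$log" \
    | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | sort | uniq -c
}
failed_login_ips "$@"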
Clear the log file without interrupting the logging service
# Truncate the auth log in place with the shell's no-op builtin (same effect as
# redirecting /dev/null into it, one fewer process).
# Truncating rather than deleting the file presumably lets the running logger
# keep writing through its already-open descriptor — confirm against rsyslog.
# NOTE(review): this discards the authentication audit trail; archive the file
# (or let logrotate rotate it) before truncating if the evidence may be needed.
: > /var/log/secure
Logs are not being collected, e.g. after the log directory was emptied by mistake
# Check that the log daemon and sshd are running before touching either.
systemctl status rsyslog.service
systemctl status sshd.service
# Re-read the configuration first (less disruptive); fall back to a full
# restart if the reload does not resume logging.
systemctl reload rsyslog.service
# NOTE(review): if the log file was removed rather than truncated, rsyslog
# may still be writing to the unlinked inode — a restart makes it reopen
# /var/log/secure; confirm by checking the file grows after this step.
systemctl restart rsyslog.service