ssh-logs

head -n -250 /var/log/auth.log 

awk "/.*Failed password.*/ { print $1 }" /var/log/auth.log                                                                                                                                                 

grep "Failed password" /var/log/auth.log | wc -l          

grep "password" /var/log/auth.log | grep -v Failed | grep -v Invalid                                                                

ls /var/log/auth.log* -lht                                                                                                        

cat  /var/log/auth.log| grep "Failed password"|head -1 | awk '{while($i){print i, $i;i++}}'        

cat  /var/log/auth.log| grep "Failed password"| grep invalid |head -1 | awk '{while($i){print i, $i;i++}}'                         

mkdir authlog;cp /var/log/auth.log* authlog/;cd authlog;gunzip auth.log.*.gz

awk '{if($6=="Failed"&&$7=="password"){if($9=="invalid"){ips[$13]++;users[$11]++}else{users[$9]++;ips[$11]++}}}END{for(ip in ips){print ip, ips[ip]}}' /var/log/auth.* | wc -l

awk '{if($6=="Failed"&&$7=="password"){if($9=="invalid"){ips[$13]++;users[$11]++}else{users[$9]++;ips[$11]++}}}END{for(ip in ips){print ip, ips[ip]}}' /var/log/auth.* | sort -k2 -rn | head

awk '{if($6=="Failed"&&$7=="password"){if($9=="invalid"){ips[$13]++;users[$11]++}else{users[$9]++;ips[$11]++}}}END{for(ip in ips){print ip, ips[ip]}}' /var/log/auth.* | sort -k2 -rn > ip.log

### The user name the attacker attempted

```sh
awk '{if($6=="Failed"&&$7=="password"){if($9=="invalid"){ips[$13]++;users[$11]++}else{users[$9]++;ips[$11]++}}}END{for(user in users){print user, users[user]}}' /var/log/auth.* | sort -k2 -rn |wc -l

awk '{if($6=="Failed"&&$7=="password"){if($9=="invalid"){ips[$13]++;users[$11]++}else{users[$9]++;ips[$11]++}}}END{for(user in users){print user, users[user]}}' /var/log/auth.* | sort -k2 -rn | head