| Events of ssh down | grep -R "ssh.*Received signal 15" /var/log/auth.log |
| Events of ssh up | grep -R "sshd.*Server listening" /var/log/auth.log |
| Events of ssh failed login | grep -R "sshd.*Failed password for invalid user" /var/log/auth.log |
| Events of ssh break-in attemp | grep -R "sshd.*POSSIBLE BREAK-IN ATTEMPT!" /var/log/auth.log |
| Events of ssh port scap | grep -R "sshd.*Bad protocol version identification" /var/log/auth.log |
| Events of ssh login by public key | grep -R "sshd.*Accepted publickey for" /var/log/auth.log |
| Events of ssh login by password | grep -R "sshd.*Accepted password for" /var/log/auth.log |
| Events of ssh logout event | grep -R "sshd.*pam_unix(sshd:session): session closed for" /var/log/auth.log |
Simple Cheat SheetFree Cheat Sheets