SSH: Parse Log File Cheat Sheet

| Event | Command |
| --- | --- |
| Events of ssh down | `grep -R "ssh.*Received signal 15" /var/log/auth.log` |
| Events of ssh up | `grep -R "sshd.*Server listening" /var/log/auth.log` |
| Events of ssh failed login | `grep -R "sshd.*Failed password for invalid user" /var/log/auth.log` |
| Events of ssh break-in attempt | `grep -R "sshd.*POSSIBLE BREAK-IN ATTEMPT!" /var/log/auth.log` |
| Events of ssh port scan | `grep -R "sshd.*Bad protocol version identification" /var/log/auth.log` |
| Events of ssh login by public key | `grep -R "sshd.*Accepted publickey for" /var/log/auth.log` |
| Events of ssh login by password | `grep -R "sshd.*Accepted password for" /var/log/auth.log` |
| Events of ssh logout | `grep -R "sshd.*pam_unix(sshd:session): session closed for" /var/log/auth.log` |
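
The grep patterns listed above can be run in one pass to triage a log. The script below is an added example, not part of the original cheat sheet: it counts each event type and ranks the source addresses behind failed invalid-user logins. The function names, labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally sshd events with the cheat sheet's grep patterns.

# Constructed sample log (documentation IP ranges, made-up users and PIDs).
write_sample() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 host1 sshd[811]: Server listening on 0.0.0.0 port 22.
Jan 10 03:15:42 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Jan 10 03:15:45 host1 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 40022 ssh2
Jan 10 03:16:02 host1 sshd[1210]: Failed password for invalid user oracle from 198.51.100.9 port 51514 ssh2
Jan 10 03:20:11 host1 sshd[1302]: Accepted publickey for deploy from 192.0.2.10 port 50100 ssh2
Jan 10 03:25:30 host1 sshd[1302]: pam_unix(sshd:session): session closed for user deploy
Jan 10 04:00:00 host1 sshd[811]: Received signal 15; terminating.
EOF
}

# Print "label=count" for every pattern on the cheat sheet (labels are hypothetical).
summarize() {
    f=$1
    while IFS='|' read -r label pattern; do
        # grep -c exits 1 on zero matches but still prints 0
        printf '%s=%s\n' "$label" "$(grep -c -- "$pattern" "$f" || true)"
    done <<'EOF'
down|ssh.*Received signal 15
up|sshd.*Server listening
failed_login|sshd.*Failed password for invalid user
break_in|sshd.*POSSIBLE BREAK-IN ATTEMPT!
port_scan|sshd.*Bad protocol version identification
login_pubkey|sshd.*Accepted publickey for
login_password|sshd.*Accepted password for
logout|sshd.*pam_unix(sshd:session): session closed for
EOF
}

# Failed invalid-user logins per source address, busiest first.
# The greedy ".*" anchors on the LAST " from ", so text inside the
# user name field cannot shift the address that gets extracted.
failed_by_source() {
    grep -- "sshd.*Failed password for invalid user" "$1" |
        sed -n 's/.* from \([^ ]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

log=$(mktemp)
write_sample "$log"
summarize "$log"
failed_by_source "$log"
rm -f "$log"
```

To use it on a real host, call `summarize /var/log/auth.log` and `failed_by_source /var/log/auth.log` instead of the sample file.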
