How can I get the IP history of ALL access logs as ROOT?

000

Hi,

Some commands, please:

1// How can I get the IP history of ALL access logs as ROOT? (without repeated IPs)
2// How can I get the IP history of ALL ATTACK logs as ROOT? (without repeated IPs)

...the problem is that in [/var/log/] there are multiple [secure-*] files and also [messages-*] files

but the biggest problem:

I know nothing about BASH.

Thanks
 

24x7server

Please try the following command. You will get the root user access IP list:

Code:
grep root /var/log/secure* | grep "Accepted" | awk '{print $11}' | sort | uniq -c | sort -nr
 

cPanelMichael

2// How can I get the IP history of ALL ATTACK logs as ROOT? (without repeated IPs)
Could you elaborate on which type of attacks you are referring to? For instance, are you looking for brute force attempt logs?

Thank you.
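An added example, not part of any post in this thread: it counts source IPs for both successful root logins (the command above) and failed attempts (the brute-force case asked about), locating the address by the word "from" instead of a fixed column, since "invalid user" lines shift the IP away from field 11. The function names `ssh_ips` and `sample_log` are hypothetical, the log lines are constructed, and the usual sshd wording found in /var/log/secure is assumed.

```bash
#!/usr/bin/env bash
# Added example. Sample log lines below are constructed (documentation IPs).

# Usage: cat /var/log/secure* | ssh_ips EVENT [USER]
# EVENT is "Accepted" or "Failed"; prints "count ip", busiest first.
ssh_ips() {
    awk -v ev="$1" -v want="${2:-}" '
        /sshd\[/ {
            e = 0; f = 0
            for (i = 1; i <= NF; i++) {
                if ($i == ev && !e) e = i       # first occurrence of the event word
                if ($i == "from" && e) f = i    # keep the last "from" after it
            }
            if (!e || !f || f == NF) next       # not a login line, or no address
            if (want != "" && $(f - 1) != want) next   # user is the word before "from"
            n[$(f + 1)]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample standing in for /var/log/secure*.
sample_log() {
cat <<'EOF'
Jun  3 10:01:02 host sshd[1201]: Accepted password for root from 192.0.2.10 port 50111 ssh2
Jun  3 10:05:40 host sshd[1230]: Accepted publickey for root from 192.0.2.10 port 50190 ssh2
Jun  3 11:00:00 host sshd[1301]: Failed password for root from 203.0.113.7 port 40000 ssh2
Jun  3 11:00:03 host sshd[1301]: Failed password for root from 203.0.113.7 port 40002 ssh2
Jun  3 11:02:00 host sshd[1310]: Failed password for invalid user admin from 198.51.100.4 port 41000 ssh2
Jun  4 09:00:00 host sshd[1400]: Accepted password for alice from 192.0.2.55 port 50200 ssh2
Jun  4 09:30:00 host su: pam_unix(su:session): session opened for user root by alice(uid=500)
EOF
}

sample_log | ssh_ips Accepted root   # successful root logins per IP
sample_log | ssh_ips Failed root     # failed root passwords per IP
sample_log | ssh_ips Failed          # failed attempts for any user
```

On a real server, replace `sample_log` with `cat /var/log/secure*`; rotated files that are compressed need `zcat` instead.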
 

000

grep root /var/log/secure* | grep "Accepted" | awk '{print $11}' | sort | uniq -c | sort -nr
Wow!!!...

This is GREAT!!! Beautiful!!

THANKS :D

It runs PERFECTLY.

Your command lists ALL the history IPs of access as ROOT on the server!

I have one more:

This beautiful command:
Code:
watch -n.9 'netstat -tup'
shows the active IPs on the server.

Is it possible to edit it so that it shows the count/user of the server?

Thanks again.
 

000

You can use the following netstat command on your server
Code:
netstat -tup | awk '{print $5}' | cut -d ":" -f1 | sort | uniq -c | sort -nr
Thanks 24x7server.

The command
watch -n.9 'netstat -tup'
refreshes the window every 9 seconds and shows the info automatically, but it doesn't show 2 important columns:

* the USER or COUNT where the remote connection is working
(it only shows the program, for example HTTP, or PHP, or FTP), but
the connection is over... x.com? or z.com?

* it doesn't show the IP, only the remote hostname:
alum-ainavillo.ccp.gw
a06-10-01.opera-mini
static-69-64.nokia.ne
etc...


Is it possible to show the IP (not the hostname) and show the USER/COUNT without losing this important "autorefresh"?

Your command
netstat -tup | awk '{print $5}' | cut -d ":" -f1 | sort | uniq -c | sort -nr
doesn't show the USER/COUNT where x connection is working.

Thanks for your help