How I can take the history IP of ALL access log as ROOT?

000

Well-Known Member
Jun 3, 2008
310
13
68
Hi,

some commands please:

1// How I can take the history IP of ALL access log as ROOT? (without repeat IP)
2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)

...the problem is into [/var/log/] exist multiple files [secure-*] and too [messages-*]

but the maximum problem:

I unknow all about BASH.

Thanks
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Please try with the following command, You will get the root user access IP list

Code:
grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)
Could you elaborate on which type of attacks you are referring to? For instance, are you looking for brute force attempt logs?

Thank you.
 

000

Well-Known Member
Jun 3, 2008
310
13
68
grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
Guao !!!...

This GREATH !!!, Beautifull !!

THANKS :D

Run PERFECT.

You command list ALL history IP of access as ROOT into server !

I have one more:

This beautifull command:
Code:
watch -n.9 'netstat -tup'
show Actives IPS into server.

Is possible edit and then show count/user of server ?

Thanks newly.
 

000

Well-Known Member
Jun 3, 2008
310
13
68
You can use following netstat command on your server
Code:
netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
Thanks 24x7server.

The command
watch -n.9 'netstat -tup'
refresh window each 9 seconds, show info automaticlly, but no show 2 imprtant columns:

* USER or COUNT where remote connection work
(only show the programm as by example HTTP, or PHP, or FTP), but
connection is over... x.com? or z.com?

* no show IP, only hostname remote:
alum-ainavillo.ccp.gw
a06-10-01.opera-mini
static-69-64.nokia.ne
etc...


is possible show IP (no hostname) and show USER /COUNT whitout lost this important "autorefresh"?

You command
netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
no show USER/COUNT where x connection is working.

Thanks by you help