How I can take the history IP of ALL access log as ROOT?

000

Well-Known Member
Jun 3, 2008
229
6
68
Hi,

some commands please:

1// How I can take the history IP of ALL access log as ROOT? (without repeat IP)
2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)

...the problem is into [/var/log/] exist multiple files [secure-*] and too [messages-*]

but the maximum problem:

I unknow all about BASH.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)
Could you elaborate on which type of attacks you are referring to? For instance, are you looking for brute force attempt logs?

Thank you.
 

000

Well-Known Member
Jun 3, 2008
229
6
68
grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
Guao !!!...

This GREATH !!!, Beautifull !!

THANKS :D

Run PERFECT.

You command list ALL history IP of access as ROOT into server !

I have one more:

This beautifull command:
Code:
watch -n.9 'netstat -tup'
show Actives IPS into server.

Is possible edit and then show count/user of server ?

Thanks newly.
 

000

Well-Known Member
Jun 3, 2008
229
6
68
You can use following netstat command on your server
Code:
netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
Thanks 24x7server.

The command
watch -n.9 'netstat -tup'
refresh window each 9 seconds, show info automaticlly, but no show 2 imprtant columns:

* USER or COUNT where remote connection work
(only show the programm as by example HTTP, or PHP, or FTP), but
connection is over... x.com? or z.com?

* no show IP, only hostname remote:
alum-ainavillo.ccp.gw
a06-10-01.opera-mini
static-69-64.nokia.ne
etc...


is possible show IP (no hostname) and show USER /COUNT whitout lost this important "autorefresh"?

You command
netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
no show USER/COUNT where x connection is working.

Thanks by you help