I use a swatch-based approach to monitoring my /var/log/secure* log files for brute force attacks on my ssh server. Today I was curious about which usernames were being used to try to get into the system. This command tells me what I want: # cat /var/log/secure* | cut -d ” ” -f7-12 |grep Failed |cut … Read more