當我登入伺服器時,我看到:
Last failed login: Fri Jul 17 12:47:01 CEST 2020 from 111.222.333.444 on ssh:notty
There were 2713 failed login attempts since the last successful login.
Last login: Fri Jul 17 01:12:57 2020 from ec2-111-222-333-444.eu-central-1.compute.amazonaws.com
如何在使用某些命令登入後獲得號碼 2713,而不手動解析身份驗證日誌?
如果重要的話,作業系統是 CentOS 7。
答案1
你可以使用這個:
var=`cat file | grep "There were" | cut -d' ' -f3`
另一種方法可以做到這一點:
var=`cat /var/log/secure | grep "Failed password" | wc -l`