We all love to read log files, and for Linux I tend to simplify that search process if I know what I’m looking for. As you probably know many daemons and programs logs to
/var/log , but usually I don’t care to specify the file (like
mysql.err etc) so I just do
cat on all the files in the log dir.
So here’s a quick gem to list automated ssh attacks to your server:
$ sudo cat /var/log/* | grep BREAK-IN
More on ITDB