我尝试查看自特定时间以来失败的用户登录尝试。但我通过网上搜索找到的所有方法都不起作用。我使用的是 openSUSE 13.2。
journalctl -a --no-pager --since="2015-02-04 00:00:00"
给了我一个长而丑陋的所有系统事件列表(还有失败的登录尝试)。有没有更好的方法来收集这些信息?
答案1
这对我有用:
journalctl `which sshd` -a --no-pager --since="2015-02-04 00:00:00" | grep Failed
示例输出:
Apr 02 10:18:13 sturm sshd[6068]: Failed password for aboettger from 192.168.2.40 port 4812 ssh2
Apr 02 10:18:18 sturm sshd[6068]: Failed password for aboettger from 192.168.2.40 port 4812 ssh2
或者使用-p-选项,例如:
journalctl `which sshd` -p 5 -a --no-pager --since="2015-02-04 00:00:00"
Journalctl 手册页:
-p, --priority=
Filter output by message priorities or priority ranges. Takes either a single numeric or textual log level (i.e. between
0/"emerg" and 7/"debug"), or a range of numeric/text log levels in the form FROM..TO. The log levels are the usual syslog
log levels as documented in syslog(3), i.e. "emerg" (0), "alert" (1), "crit" (2), "err" (3), "warning" (4), "notice" (5),
"info" (6), "debug" (7). If a single log level is specified, all messages with this log level or a lower (hence more
important) log level are shown. If a range is specified, all messages within the range are shown, including both the start
and the end value of the range. This will add "PRIORITY=" matches for the specified priorities.