Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

How I can take the history IP of ALL access log as ROOT?

Comments

5 comments

  • 24x7server
    Please try with the following command, You will get the root user access IP list grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
    0
  • cPanelMichael
    [quote="000, post: 1471661"> 2// How I can take the history IP of ALL ATACKS log as ROOT? (without repeat IP)
    Could you elaborate on which type of attacks you are referring to? For instance, are you looking for brute force attempt logs? Thank you.
    0
  • 000
    [quote="24x7server, post: 1472022">grep root /var/log/secure* | grep "Accepted" | awk {'print $11'} | sort | uniq -c | sort -nr
    Guao !!!... This GREATH !!!, Beautifull !! THANKS :D Run PERFECT. You command list ALL history IP of access as ROOT into server ! I have one more: This beautifull command:watch -n.9 'netstat -tup'
    show Actives IPS into server. Is possible edit and then show count/user of server ? Thanks newly.
    0
  • 24x7server
    Thanks, You can use following netstat command on your server netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr
    0
  • 000
    [quote="24x7server, post: 1473901">You can use following netstat command on your server netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr

    Thanks 24x7server. The command watch -n.9 'netstat -tup' refresh window each 9 seconds, show info automaticlly, but no show 2 imprtant columns: * USER or COUNT where remote connection work (only show the programm as by example HTTP, or PHP, or FTP), but connection is over... x.com? or z.com? * no show IP, only hostname remote: alum-ainavillo.ccp.gw a06-10-01.opera-mini static-69-64.nokia.ne etc... is possible show IP (no hostname) and show USER /COUNT whitout lost this important "autorefresh"? You command netstat -tup | awk {'print $5'} | cut -d ":" -f1 | sort | uniq -c | sort -nr no show USER/COUNT where x connection is working. Thanks by you help
    0

Please sign in to leave a comment.