不指定时间查看尝试登录服务器的SSH访问IP地址
# CentOS/RHEL系统
zgrep "sshd" /var/log/secure-* | grep "Failed password" | awk '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -n 10
检查过去7天的日志尝试登录服务器的SSH访问IP地址
# CentOS/RHEL系统
find /var/log -name "secure*" -type f -mtime -7 -exec zgrep "sshd" {} \; | grep "Failed password" | awk '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -n 10
