取出/var/log/secure中一小時內登錄失敗超過三次的IP
前兩個字段是日期,第三個字段是小時,第四個字段是IP
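# Report source IPs with more than three failed logins inside one clock hour.
# Output: "<month> <day> <hour> <ip>", one line per offending (hour, IP) pair.
#
# Fields are split on whitespace and the hour is cut out of HH:MM:SS. Splitting
# on '[ :]' instead makes $4 the hour only when the day is space-padded
# ("Jul  7"); on days 10-31 it is the minute, so failures get bucketed per
# minute and a slow brute-force attempt never reaches the threshold.
#
# Assumes traditional syslog lines ending in "from <ip> port <n> ssh2", so the
# address is the fourth field from the end. Counting from the end means extra
# words earlier in the line (e.g. "invalid user <name>") do not shift it.
# No pre-sort is needed: awk aggregates over every line regardless of order.
#
# Arguments: $1 - log file to scan (default: /var/log/secure)
# Returns:   awk's exit status (non-zero if the file cannot be read)
failed_ips_per_hour() {
  local log_file=${1:-/var/log/secure}
  local -r threshold=3

  awk -v threshold="$threshold" '
    # NF guard: skip truncated lines where $(NF - 3) would not be an address.
    /Failed/ && NF > 6 {
      split($3, clock, ":")
      hits[$1 " " $2 " " clock[1] " " $(NF - 3)]++
    }
    END {
      for (key in hits)
        if (hits[key] > threshold)
          print key
    }
  ' "$log_file"
}

failed_ips_per_hour /var/log/secure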
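# Count failed logins per source IP from a start time through the end of the
# log, and print every IP with three or more failures (count > 2).
s="Jul 7 13:49:08"

# Counting starts at the first line whose timestamp is at or after the start
# time. Selecting the range with a literal match on the timestamp text prints
# nothing when no line carries that exact second, or when the log pads the day
# ("Jul  7"), and an empty result then reads as "no failures".
#
# Assumes traditional syslog timestamps ("Mon DD HH:MM:SS") in chronological
# order; lines stamped in another format never trigger the start.
#
# Arguments: $1 - start time, "Mon D HH:MM:SS"
#            $2 - log file to scan (default: /var/log/secure)
# Returns:   awk's exit status (non-zero if the file cannot be read)
failed_ips_since() {
  local start=$1
  local log_file=${2:-/var/log/secure}

  awk -v start="$start" '
    # Fixed-width sortable key: MMDD followed by HH:MM:SS.
    function stamp(month, day, clock) {
      return sprintf("%02d%02d%s", month_no[month], day, clock)
    }
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
      for (i = 1; i <= n; i++)
        month_no[names[i]] = i
      split(start, part, " ")
      start_key = stamp(part[1], part[2], part[3])
    }
    # Latch once, so everything up to end of file counts even if the log
    # rolls over into a new year.
    !started && stamp($1, $2, $3) >= start_key { started = 1 }
    # NF guard: skip truncated lines where $(NF - 3) would not be an address.
    started && /Failed/ && NF > 6 { hits[$(NF - 3)]++ }
    END {
      for (ip in hits)
        if (hits[ip] > 2)
          print ip
    }
  ' "$log_file"
}

failed_ips_since "$s" /var/log/secure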