commandlinefu.com is the place to record those command-line gems that you return to again and again.
This will extract all the apt-get install commands issued on the box, even if they are in the gzipped history files.
I use zgrep because it also parses non-gzip files.
With ls -tr, we parse logs in time order.
Grepping the empty string just concatenates all logs, but you can also grep an IP, a URL...
This command checks for the number of times when someone has tried to log in to your server and failed. If there are a lot, then that user is being targeted on your system and you might want to make sure that user either has remote logins disabled, or has a strong password, or both. If your output has an "invalid" line, it is a summary of all logins from users that don't exist on your system.
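
The command for the failed-login entry above is not on this page, so here is an added example (not the original poster's command) of the per-account count it describes, including the "invalid" summary line. It assumes OpenSSH's "Failed password for ..." syslog message format; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count failed SSH password logins per account.
# Constructed sample lines in the usual sshd syslog layout (assumption).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:12 host sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 host sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:02:40 host sshd[2290]: Failed password for invalid user admin from 198.51.100.23 port 40210 ssh2
Mar  3 10:02:44 host sshd[2291]: Failed password for invalid user test from 198.51.100.23 port 40212 ssh2
Mar  3 10:03:02 host sshd[2301]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Mar  3 10:05:19 host sshd[2340]: Failed password for alice from 192.0.2.10 port 50011 ssh2
Mar  3 10:06:00 host sshd[2355]: Failed password for invalid user oracle from 203.0.113.7 port 51300 ssh2
Mar  3 10:06:30 host CRON[2400]: pam_unix(cron:session): session opened for user root
EOF
}

# Reads auth log lines on stdin and prints "<count> <account>", highest first.
# For accounts that do not exist, sshd logs "for invalid user NAME", so the
# word after "for" is "invalid" and all such attempts collapse into one line.
count_failed_logins() {
  awk '
    /sshd\[[0-9]+\]: Failed password for / {
      # Take the word after the first "for" instead of a fixed field number,
      # so a different timestamp layout does not shift the result.
      for (i = 1; i <= NF; i++) if ($i == "for") { u = $(i + 1); break }
      n[u]++
    }
    END { for (u in n) printf "%d %s\n", n[u], u }
  ' | sort -k1,1nr -k2,2
}

# Prints only the accounts with at least $1 failed attempts.
targeted_accounts() {
  count_failed_logins | awk -v t="$1" '$1 >= t { print $2 }'
}

sample_auth_log | count_failed_logins
```

On a real host, the concatenation trick from the earlier entry can feed it current and rotated logs together, for example `zgrep -h '' /var/log/auth.log* | count_failed_logins` (the log path is an assumption and varies by distribution).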