display systemd log entries for sshd using "no-pager" (a bit like in pre-systemd: grep sshd /var/log/messages)

# journalctl -u sshd --no-pager # display sshd log entries
In pre-systemd systems, something like:

    # grep sshd /var/log/messages

would display log events in /var/log/messages containing "sshd".

    # journalctl -u sshd --no-pager

The above command displays similar results for systemd systems. (Note that this needs to be run with root permissions to access the log data.)

2
By: mpb
2015-10-15 08:48:47
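
An added example, not part of the original entry: the journalctl output above can be piped into a small filter that counts failed password logins per source address. The function names `failed_by_ip` and `sample_log` and the sample log lines are constructed for illustration; the filter keys on the last "from" in each line because the user name in the message is supplied by the client.

```shell
#!/bin/sh
# Added example: count failed sshd password logins per source address.
# Reads syslog-style lines on stdin, as printed by: journalctl -u sshd --no-pager

failed_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client, so do not rely on a
            # fixed field number: find the LAST "from" and take what follows.
            ip = ""
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { ip = $(i + 1); break }
            if (ip != "") count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses, not real log data).
sample_log() {
    cat <<'EOF'
Oct 15 08:40:01 host sshd[1201]: Failed password for root from 198.51.100.7 port 40022 ssh2
Oct 15 08:40:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 15 08:40:05 host sshd[1203]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Oct 15 08:40:09 host sshd[1204]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Oct 15 08:40:12 host sshd[1205]: Failed password for invalid user a from b from 203.0.113.5 port 51300 ssh2
EOF
}

# Live use (needs root, as noted above): journalctl -u sshd --no-pager | failed_by_ip
sample_log | failed_by_ip
```
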

These Might Interest You

  • Searches the /var/log/secure log file for Failed and/or invalid user log in attempts.


    8
    cat /var/log/secure | grep sshd | grep Failed | sed 's/invalid//' | sed 's/user//' | awk '{print $11}' | sort | uniq -c | sort -n
    empulse · 2009-03-30 15:48:24 7
  • gets network ports
    only ones for the sshd service
    only logged in a specific user (changed for public posting)
    only in a specific localhost:port range
    not IPv6
    Only the part of the response after the ":" character
    Only the part of the response before the 1st space
    Output is just the rssh port


    -2
    sudo lsof -i -n | grep sshd | grep sshuser | grep :[PORT-RANGE] | grep -v IPv6 | awk -F\: '{print $2}' | grep -v http | awk -F" " '{print $1}'
    das_shark · 2015-04-09 15:41:11 1
  • It's useful when you cannot access your env (systemd) or the process DISPLAY variable is not set. Perhaps also when you have a multi-head/user configuration.


    1
    for p in $(pgrep -t $(cat /sys/class/tty/tty0/active)); do d=$(awk -v RS='\0' -F= '$1=="DISPLAY" {print $2}' /proc/$p/environ 2>/dev/null); [[ -n $d ]] && break; done; echo $d
    geyslan · 2015-05-18 20:01:20 16
  • Replace "usr/sbin/sshd" with the file you would like to check. If you are doing this due to intrusion, you obviously would want to check size, last modification date and md5 of the md5sum application itself. Also, note that "/var/lib/dpkg/info/*.md5sums" files might have been tampered with themselves. Needless to say, this is a useful command.


    0
    cat /var/lib/dpkg/info/*.md5sums|grep usr/sbin/sshd|sed 's,usr,/usr,'|md5sum -c
    Ztyx · 2013-03-12 11:20:48 0

What Others Think

Do we really need command examples of things that can be easily discovered by reading the man pages?
Tatsh · 136 weeks and 2 days ago
@tatsh the logical conclusion of which is don't bother with commandlinefu at all: just go RTFM. :-) For me, commandlinefu is another learning resource. I don't really care if an entry here is also in the man pages.
mpb · 136 weeks and 2 days ago
