parse auth.log / secure · SSH brute force · sudo · privilege escalation
Linux: /var/log/auth.log · /var/log/secure · journalctl -u sshd
drop /var/log/auth.log · /var/log/secure · or Windows Security EVTX CSV