Here is my simple Bash script that exports failed SSH logins, with the IP address of each intruder, into a CSV file and emails it to you. Once you have the data in CSV format, you can do many things with it: import it into a MySQL database, import it into Google Maps to create custom maps of the intruders hitting your server, or simply write another script that blocks all those IP addresses for good.
Here is my simple script:
    #!/bin/bash
    #############################################################
    # Filename: intruder.sh
    # Description: Send email with intruder date, time, userId, IP
    ##############################################################
    # User and IP are counted from the end of the line so that
    # "invalid user" entries line up too; OFS=',' makes the output CSV.
    grep -i "Failed password for" /var/log/secure | awk -v OFS=',' '{print $1,$2,$3,$(NF-5),$(NF-3);}' > FAILED.csv
    mail -s "FAILED SSH LOGINS" you@domain.com < FAILED.csv
Just copy and paste it, save it as intruder.sh, and do not forget to make it executable:
    su
    vi intruder.sh
    chmod a+x intruder.sh
You are ready to run the script any time on your server.
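For the follow-up idea of blocking the addresses, it helps to count failures per source IP first and to keep your own addresses out of the result. The script below is an added example, not part of the original post; `THRESHOLD`, `ALLOWLIST`, the function names and the sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: count failed SSH password logins per source IP.
# THRESHOLD, ALLOWLIST and the sample log lines are constructed assumptions.
THRESHOLD=3              # minimum failures before an IP is reported
ALLOWLIST="192.0.2.10"   # space-separated addresses that must never be listed

# Constructed sample in /var/log/secure format (documentation IP ranges only).
sample_log() {
  cat <<'EOF'
Jan 10 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:06 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 10 03:15:10 web1 sshd[2110]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.9 port 51000 ssh2
Jan 10 03:15:12 web1 sshd[2110]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2
Jan 10 03:15:15 web1 sshd[2110]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2
Jan 10 03:16:00 web1 sshd[2120]: Failed password for alice from 192.0.2.10 port 52000 ssh2
Jan 10 03:16:02 web1 sshd[2120]: Failed password for alice from 192.0.2.10 port 52000 ssh2
Jan 10 03:16:04 web1 sshd[2120]: Failed password for alice from 192.0.2.10 port 52000 ssh2
Jan 10 03:17:00 web1 sshd[2130]: Failed password for bob from 203.0.113.50 port 53000 ssh2
EOF
}

# Read sshd log lines on stdin; print "count,ip" for sources at or above THRESHOLD.
failed_login_sources() {
  grep -i "Failed password for" |
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
      BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
      {
        # The line ends "from <ip> port <n> ssh2". Anchor on that tail: the user
        # name before it is client-supplied text and can itself contain "from".
        if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # IPv4 only
        if (ip in skip) next                                # never list our own hosts
        count[ip]++
      }
      END { for (ip in count) if (count[ip] >= min) print count[ip] "," ip }' |
    sort -t, -k1,1nr -k2,2
}

sample_log | failed_login_sources
```

On a real server, replace the last line with `failed_login_sources < /var/log/secure` and review the list before feeding it to a firewall rule.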