Splunk is a platform.

```bash
cat auth.log
```

### Timezone adjustment

```bash
date
sudo timedatectl set-timezone "Asia/Taipei"
sudo service syslog restart
cat auth.log | grep Fail*
```

### Monitor the log file

```bash
sudo watch tail /var/log/auth.log
```

### Login restriction

```bash
sudo apt install fail2ban
service fail2ban status
service fail2ban start
sudo fail2ban-client status
sudo fail2ban-client status sshd
```

### Install Splunk

![image](https://hackmd.io/_uploads/HJJRV2xc6.png)

```bash
sudo dpkg -i splunk-9.1.3-d95b3299fa65-linux-2.6-amd64.deb
sudo /opt/splunk/bin/splunk start
```

Web UI: 10.167.216.96:8000

Install apps:
- Fail2ban - TA for fail2ban
- Linux Secure Technology Add-On

New search, search syntax:

```
source="/var/log/fail2ban.log" AND Ban AND "10.167.216.*"
```

Fail2ban config file (line 100):

```bash
sudo vim /etc/fail2ban/jail.conf
```

->

```
index="auth" action=failure src=* | dedup src
```

### Data collection

Splunk port 9997
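The two Splunk searches above (`action=failure src=* | dedup src` and the `Ban` search over fail2ban.log) and fail2ban's `sshd` jail all reduce to the same question: which source addresses keep failing SSH logins in `/var/log/auth.log`, and which of them have crossed the `maxretry` threshold. The POSIX shell script below is an added example, not part of the original note or of fail2ban or Splunk: it runs that logic offline over a constructed `auth.log` excerpt. The hostnames, PIDs and IP addresses in the sample are constructed, and the `maxretry` threshold is passed as an argument instead of being read from `jail.conf`.

```shell
#!/bin/sh
# Added example (not from the original note): emulate, over a constructed
# auth.log excerpt, what the Splunk search
#   index="auth" action=failure src=* | dedup src
# returns, and which sources fail2ban's sshd jail would ban at a given maxretry.

# Constructed sample lines in the syslog format written to /var/log/auth.log.
SAMPLE_AUTH_LOG='Jan 10 14:02:11 host1 sshd[2201]: Failed password for root from 10.167.216.45 port 51234 ssh2
Jan 10 14:02:13 host1 sshd[2201]: Failed password for root from 10.167.216.45 port 51234 ssh2
Jan 10 14:02:15 host1 sshd[2201]: Failed password for invalid user admin from 10.167.216.45 port 51236 ssh2
Jan 10 14:03:01 host1 sshd[2210]: Accepted publickey for alice from 10.167.216.12 port 40022 ssh2
Jan 10 14:03:40 host1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 60000 ssh2
Jan 10 14:04:02 host1 sshd[2216]: Failed password for bob from 10.167.216.45 port 51240 ssh2'

# Only sshd "Failed password" lines, i.e. the events Splunk tags action=failure.
failed_lines() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" | grep 'sshd\[[0-9]*\]: Failed password'
}

# Equivalent of "action=failure src=* | dedup src": one line per unique source
# address that produced a failed login (sorted instead of first-seen order).
failed_sources() {
    failed_lines | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' | sort -u
}

# Number of failed logins for one source address (what fail2ban compares
# against maxretry within its findtime window).
failure_count() {
    failed_lines | grep -c " from $1 port " || true
}

# Exit 0 when the source has reached maxretry, i.e. fail2ban would ban it and
# a "Ban <ip>" line would appear in /var/log/fail2ban.log.
would_ban() {
    ip="$1"
    maxretry="$2"
    n=$(failure_count "$ip")
    [ "$n" -ge "$maxretry" ]
}

# All sources at or above maxretry, one per line.
ban_candidates() {
    for ip in $(failed_sources); do
        if would_ban "$ip" "$1"; then
            printf '%s\n' "$ip"
        fi
    done
}

# Stand-alone run: unique failing sources, then those at the threshold.
failed_sources
echo "--- at or above maxretry=3 ---"
ban_candidates 3
```

Run it as `sh script.sh`; on a live host, replace the sample variable with `cat /var/log/auth.log` and pass the `maxretry` value from the `[sshd]` section of `jail.conf` to reproduce what `fail2ban-client status sshd` reports.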