[ozim]

Grooming logs from attempts seems like shibboleth on its own that is indicating junior level or “security enthusiast”.

Anyone who manages servers professionally does not read logs anymore and does not care about obvious things like people brute-forcing.

Reading ssh logs on your single VPS is security LARPING. Discussing faill2ban as well :)

[totetsu]

As that gaps of inequality of our winner takes all societies ever widen, anyone just trying to do something for themselves and not for global scale SV company is just meaninglessly role playing.

[ozim]

Not really. Only that reading logs by human or even grepping "manually" is super inefficient where you can make a script that will for instance send you a notification when someone actually logs into your VPS.

In world where "login attempts" are basically all day reality reading logs is meaningless. In 2023 no one should be reading logs you should have alerts on events. In 1995 or something if someone was trying to brute-force your user password that was security event to look at and block IP. In 2023 someone brute-forcing is not an event, it is either wrong configuration like not using ssh authentication or not using tools that filter logs automatically and make alerts when something is actually going on.