How to read auth.logs in AWS ec2 instance logs?
We were looking into this file,
/var/logs/auth.logs and shows this:
(Question 1:) Is this a possible hack attempt?
Using this website https://www.abuseipdb.com/check/184.108.40.206 I can track the origin of the IP address.
I also run this command
last and shows this:
Can anyone please tell me what are this are? Thanks!
(Question 2:) What is the difference of last and auth.logs?
(Question 3:) What is
(Question 4:) What does this line mean,
Received disconnect from 220.127.116.11: 11: Normal Shutdown, Thank you for playing [preauth]?
(Question 5:) Is this normal? Does everyone always get this?