user139:/var/log# netstat -a | grep mail.cp
tcp 0 0 user139.host.ru:ssh mail.cp.governmen:46226 TIME_WAIT
tcp 16 0 user139.host.ru:ssh mail.cp.governmen:47154 ESTABLISHED
user139:/var/log# cat auth.log | grep 'government.bg' | wc -l
465
Mar 20 23:41:24 user139 sshd[9733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.cp.government.bg
Source: https://habr.com/ru/post/55101/