How to find out IPs trying to login to ssh

How to find out the IPs which were trying to login root via ssh:-

cat /var/log/secure | grep failed

1028 cat /var/log/messages | grep failed
1029 cat /var/log/messages | grep "Authentication failed for user"
1030 cat /var/log/secure | grep ssh
1031 cat /var/log/secure | grep ssh > /usr/local/apache/htdocs/ssh-attempts.txt


Suppose we need to download bakcup from the browser then :-

copy the backupfile into the path:-

/usr/local/apache/htdocs/cpmove.domainname.tar.gz

cat /usr/local/apache/htdocs/possible-attemps.txt | awk {'print $7}' | sort -n | uniq -c
65.64.217.180