There is a file in /var/log called btmp. If you notice this file is abnormally large *say 2GB* while it should be in the less than 10MB zone, you are or had gone through an SSH Brute Force attempt.
This file logs all the attempts to log-in to your server via SSH. If you have thousands of failed logins this file grows fast. You can remedy the problem my changing the SSH port number or allowing SSH access to limited IP’s per /etc/hosts.allow .
If this is taking up space, delete it. You can issue a bunch of commands, I like to zero it out with echo.