Monitoring Connection attempts

Michael Schwartzkopff misch at multinet.de
Wed Mar 5 14:22:26 CET 2008


On Wednesday, 5 March 2008 14:14, Hari Sekhon wrote:
> Matthew Macdonald-Wallace wrote:
> > Hi All,
> >
> > Before I start coding my own plugin to do this, does anyone know of a
> > plugin that monitors the number of external connection attempts over a
> > given period of time for a given service and sends alerts accordingly?
> >
> > I've noticed on a number of servers that we maintain recently that
> > there are unauthorised attempts to connect via SSH/FTP.  These appear
> > in the log files about 2 seconds apart and are obviously automated.
> >
> > We've got Logcheck in place which alerts us to this kind of thing
> > already, however I like the idea of a nice visual/audible alert (we all
> > use the nagios-plugin for firefox here).
>
> You could probably use check_logfiles to search for those logged strings
> and alert on those. Haven't used it myself yet but it seems good.
>
> http://www.consol.com/opensource/nagios/check-logfiles/
>
> -h


1) Better use the logmatch option in the net-snmp configuration. It is quite
undocumented but works like a charm. Nagios can read these values with
check_snmp.

Syntax:
logmatch <name> <logfile> <interval> <regex>

2) On the other hand: Why don't you use limits for external ssh connections?


-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: misch at multinet.de
web: www.multinet.de

Registered office: 85630 Grasbrunn
Commercial register: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
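
As an added illustration of the check discussed in this thread (not code from any poster, and not how net-snmp or check_logfiles implement it), the Python sketch below counts failed SSH logins inside a time window and maps the count to Nagios exit codes. The regex and interval play the roles of `<regex>` and `<interval>` in the logmatch syntax above; the function names, thresholds, sshd message pattern and sample log lines are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes
# Assumed pattern for OpenSSH "Failed password" lines; adjust to your sshd's log format.
FAILED_SSH = r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port"
# Constructed sample log (classic syslog format, documentation IP ranges).
SAMPLE_LOG = """\
Mar  5 13:40:11 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Mar  5 14:10:01 web1 sshd[2210]: Failed password for invalid user admin from 192.0.2.10 port 40101 ssh2
Mar  5 14:10:03 web1 sshd[2212]: Failed password for invalid user test from 192.0.2.10 port 40105 ssh2
Mar  5 14:11:30 web1 sshd[2230]: Accepted publickey for matt from 198.51.100.7 port 51515 ssh2
Mar  5 14:12:07 web1 sshd[2240]: Failed password for root from 203.0.113.5 port 33000 ssh2
"""

def parse_ts(line, now):
    """Parse the 15-char syslog timestamp; syslog omits the year, so try this year, then last."""
    for year in (now.year, now.year - 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if ts <= now:
            return ts
    return None

def check_attempts(lines, regex, interval, warn, crit, now):
    """Count lines matching `regex` that were logged within the last `interval` seconds."""
    pattern = re.compile(regex)
    cutoff = now - timedelta(seconds=interval)
    per_source = {}
    for line in lines:
        m = pattern.search(line)
        ts = parse_ts(line, now) if m else None
        if ts is None or ts < cutoff:
            continue
        per_source[m.group("src")] = per_source.get(m.group("src"), 0) + 1
    total = sum(per_source.values())
    status = CRITICAL if total >= crit else WARNING if total >= warn else OK
    top = max(per_source, key=per_source.get, default="none")
    text = (f"SSH {('OK', 'WARNING', 'CRITICAL')[status]} - {total} failed logins in "
            f"{interval}s (top source {top}) | failed={total};{warn};{crit}")
    return status, text

if __name__ == "__main__":
    now = datetime(2008, 3, 5, 14, 15, 0)  # fixed clock so the sample is reproducible
    code, text = check_attempts(SAMPLE_LOG.splitlines(), FAILED_SSH, 600, 3, 10, now)
    print(text)
    raise SystemExit(code)
```

In real use the lines would come from the host's auth log and `now` from `datetime.now()`; the exit code and the perfdata after the `|` are what Nagios consumes.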
