Monitoring Connection attempts
Tom Throckmorton
throck at duke.edu
Wed Mar 5 14:30:35 CET 2008
On Mar 05 09:34, Matthew Macdonald-Wallace wrote:
> Hi All,
>
> Before I start coding my own plugin to do this, does anyone know of a
> plugin that monitors the number of external connection attempts over a
> given period of time for a given service and sends alerts accordingly?
>
> I've noticed on a number of servers that we maintain recently that
> there are unauthorised attempts to connect via SSH/FTP. These appear
> in the log files about 2 seconds apart and are obviously automated.
>
> We've got Logcheck in place which alerts us to this kind of thing
> already, however I like the idea of a nice visual/audible alert (we all
> use the nagios-plugin for firefox here).

Since you already have an investment in Logcheck, you could feed those events
directly to Nagios using NSCA. There's an example configuration outlined in
this document:
https://www2.sans.org/reading_room/whitepapers/logging/198.php

If you're looking for something more real-time, you might consider dropping
Logcheck in favor of swatch/SEC.

Cheers,
-tt
--
Tom Throckmorton
OIT - CSI
Duke University
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
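
One way to build the passive check result that the reply suggests feeding to Nagios through NSCA, as an added example that is not part of the original thread: it counts failed sshd logins inside a time window and formats the tab-separated line that send_nsca reads on standard input. The log lines, host name, service name and thresholds are constructed assumptions, and the service name must match a passive service defined on the Nagios side.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation IPs), not from the thread.
SAMPLE_LOG = """\
Mar  5 09:20:00 web1 sshd[2090]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar  5 09:30:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  5 09:30:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  5 09:30:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar  5 09:31:00 web1 sshd[2110]: Accepted publickey for matt from 192.0.2.10 port 51000 ssh2
Mar  5 09:32:10 web1 sshd[2120]: Failed password for ftp from 198.51.100.9 port 40200 ssh2
Mar  5 09:32:12 web1 sshd[2122]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  5 09:32:14 web1 sshd[2124]: Failed password for root from 203.0.113.7 port 40120 ssh2
"""

# Captures the syslog timestamp and the source address of a failed login.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) ")

def count_failures(log_text, now, window_s=300, year=2008):
    """Return {source_ip: failures} for lines within window_s seconds of now."""
    cutoff = now - timedelta(seconds=window_s)
    counts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if cutoff <= ts <= now:
            counts[m.group(2)] = counts.get(m.group(2), 0) + 1
    return counts

def nsca_line(host, service, counts, warn=5, crit=20):
    """Format host<TAB>service<TAB>return code<TAB>plugin output for send_nsca."""
    total = sum(counts.values())
    code = 2 if total >= crit else 1 if total >= warn else 0
    label = ("OK", "WARNING", "CRITICAL")[code]
    top = max(counts, key=counts.get) if counts else "none"
    return (f"{host}\t{service}\t{code}\t{label} - {total} failed logins in window, "
            f"top source {top}|failed={total};{warn};{crit}\n")

if __name__ == "__main__":
    now = datetime(2008, 3, 5, 9, 34, 0)  # fixed clock so the sample is reproducible
    # The printed line is what would be piped to send_nsca.
    print(nsca_line("web1", "SSH Failed Logins", count_failures(SAMPLE_LOG, now)), end="")
```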