Re: ssh login tracking
I wrote it using File::Tail. If anyone needs it for anything, let me
know and I'll send you a copy.
Works nicely. Thanks for the clue on File::Tail. Very little impact
on the system. I wrote it generically (you can specify the file to
watch, and look for incoming lines matching one of a hash of
regex's), so it could be used for other applications. It is
daemonized.
Again, thanks a lot for the pointers. Client is very happy. By the
way, I used auth.log instead of syslog. Much less traffic.
Rod
> On Thu, Jul 14, 2005 at 02:06:53AM -0400, Chris Wagner wrote:
>> I would do it based on the syslog. You can have a perl script that
>> stays running that keeps reading an appropriate log file and sends
>> the
>> email when it sees the appropriate sshd: line. Think of it as a
>> smart
>> tail -f. If you do a search you can find some examples of the tail
>> functionality.
>
> yep, agreed.
>
>
> File::Tail is an excellent perl module for doing this kind of thing.
>
> i have some example File::Tail perl scripts (mostly postfix mail.log
> related)
> in http://taz.net.au/postfix/scripts/
>
> e.g.
>
> 1. monitor-tls.pl - monitor mail.log and add entries to
> /etc/postfix/tls-per-site denying TLS to sites with TLS errors
> (useful
> when you have sites connecting that have broken TLS
> implementations).
>
> this is a very simple script, and easily forms the skeleton of a
> generic
> log-watching script.
>
>
> 2. watch-maillog.pl - monitor mail.log and add temporary iptables
> rules
> to block smtp connections from IP addresses that commit a variety of
> "crimes". an interesting experiment but ultimately not worth the
> bother.
> also does pop-before-smtp stuff.
>
> craig
>
> --
> craig sanders <cas@taz.net.au> (part time cyborg)
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
--
Meddle not in the Affairs of Dragons
for thou art crunchy, and good with catsup.
Reply to: