Re: Real Time monitoring/alerting utility..

To: debian-user@lists.debian.org
Subject: Re: Real Time monitoring/alerting utility..
From: Simon Kitching <simon@ecnetwork.co.nz>
Date: Thu, 26 Aug 2004 11:08:23 +1200
Message-id: <[🔎] 1093475303.1950.2.camel@pcsimon>
In-reply-to: <[🔎] 20040825222457.GE9745@scatterbolt.r00tserverz.net>
References: <[🔎] 7B5E506659A5D344A505F0F27972D87549D17B@datafx-sbs.DataFX.local> <[🔎] 20040825222457.GE9745@scatterbolt.r00tserverz.net>

On Thu, 2004-08-26 at 10:24, Tim Kelley wrote:
> On Thu, Aug 26, 2004 at 08:14:50AM +1000, Michael Bellears wrote:
> 
> > No - He wants to be notified immediately if an FTP or SSH connection is
> > established.
> 
> Using snort and tailing the logfile, it doesn't get much more real
> time than that.  Just modify the config files to treat all accesses as
> alerts.  Use acidlab with it and you have a history of every access,
> ever.
> 

Another option might be to use a PAM module.

I don't know if there already exists a suitable pam module, but if not
then writing one shouldn't be too hard. Then just add it to
/etc/pam.d/ssh.

Cheers,

Simon

Reply to:

References:
- RE: Real Time monitoring/alerting utility..
  - From: "Michael Bellears" <MBellears@staff.datafx.com.au>
- Re: Real Time monitoring/alerting utility..
  - From: Tim Kelley <tpk@r00tserverz.net>

Prev by Date: Re: Real Time monitoring/alerting utility..
Next by Date: Re: Package Download Tool?
Previous by thread: Re: Real Time monitoring/alerting utility..
Next by thread: Problems uninstalling
Index(es):
- Date
- Thread