Am Mittwoch, 5. März 2008 14:14 schrieb Hari Sekhon: > Matthew Macdonald-Wallace wrote: > > Hi All, > > > > Before I start coding my own plugin to do this, does anyone know of a > > plugin that monitors the number of external connection attempts over a > > given period of time for a given service and sends alerts accordingly? > > > > I've noticed on a number of servers that we maintain recently that > > there are unauthorised attempts to connect via SSH/FTP. These appear > > in the log files about 2 seconds apart and are obviously automated. > > > > We've got Logcheck in place which alerts us to this kind of thing > > already, however I like the idea of a nice visual/audible alert (we all > > use the nagios-plugin for firefox here). > > You could probably use check_logfiles to search for those logged strings > and alert on those. Haven't used it myself yet but it seems good. > > http://www.consol.com/opensource/nagios/check-logfiles/ > > -h
1) Better use the logmatch option in the net-snmp configuration. It is quite undocumented but works like a charm. nagios can read these values with check_snmp. Syntax: logmatch <name> <logile> <interval> <regex> 2) On the other hand: Why don't you use limits for external ssh connections? -- Dr. Michael Schwartzkopff MultiNET Services GmbH Addresse: Bretonischer Ring 7; 85630 Grasbrunn; Germany Tel: +49 - 89 - 45 69 11 0 Fax: +49 - 89 - 45 69 11 21 mob: +49 - 174 - 343 28 75 mail: [EMAIL PROTECTED] web: www.multinet.de Sitz der Gesellschaft: 85630 Grasbrunn Registergericht: Amtsgericht München HRB 114375 Geschäftsführer: Günter Jurgeneit, Hubert Martens --- PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B Skype: misch42 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
