On Jul 31, 2015 10:45 AM, "Jon Zeolla" <[email protected]> wrote:
>
> Hi,
>
> I've done a bit of looking around but haven't found exactly what I'm looking for. Is there a recommended path forward to monitor and alert on logins of non-whitelisted users to Linux machines? Similar to the FTS alerts, but would hit every time someone other than an approved admin logged in. The approved admins could be in an LDAP group or statically defined in the rule. Thanks,
>

You could possibly use cdb to help filter alerts for specific usernames.

> Jon
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
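
The CDB approach suggested in the reply, sketched as an added example that is not part of the original thread: a local rule that fires on any successful authentication whose decoded user is absent from a CDB list. The list path, the usernames, the rule id and the alert level are assumptions chosen for illustration.

```xml
<!-- List file (assumed path: /var/ossec/lists/approved_admins).
     One key:value pair per line; the usernames are constructed samples.

       alice:admin
       bob:admin

     Compile it with /var/ossec/bin/ossec-makelists and restart OSSEC
     after every change to the list. -->

<!-- ossec.conf fragment: register the list so rules can reference it.
     The path is relative to the OSSEC installation directory. -->
<ossec_config>
  <rules>
    <list>lists/approved_admins</list>
  </rules>
</ossec_config>

<!-- local_rules.xml fragment. Rule id 100100 and level 10 are assumptions;
     pick an unused id in the local range. -->
<group name="local,syslog,">
  <rule id="100100" level="10">
    <!-- Child of every rule tagged authentication_success
         (sshd, PAM and similar successful-login rules). -->
    <if_group>authentication_success</if_group>
    <!-- not_match_key: match when the decoded user is NOT a key in the list.
         Only events whose decoder extracts a "user" field can be evaluated. -->
    <list field="user" lookup="not_match_key">lists/approved_admins</list>
    <description>Successful login by a user outside the approved admin list.</description>
  </rule>
</group>
```

Feeding a sample log line to ossec-logtest for an approved and a non-approved user confirms the rule matches only the latter. If the approved admins live in an LDAP group, as the question suggests, the list file would have to be regenerated from that group and recompiled whenever membership changes.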
