I bet I could get something like that going easily, as my logs go to Splunk. Just not the biggest fire to put out at the moment.
-ANGELO FAZZINA
UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
[email protected]
University of Connecticut, UITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Matthew Broadhead
Sent: Tuesday, December 19, 2017 12:02 PM
To: [email protected]
Subject: detect suspicious logins

Does anyone know of a Linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account? I suspect it would need to log geo location, device type and IP address to a database. It seems like a module like this would be very useful and should exist already?

Thanks in advance
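
An added example, not part of either message and not taken from any existing tool: a sketch of the kind of monitor the original question describes, which records each user's login network and client in a database and flags a login from a network or client not seen before for that user. The log line format, the sample lines, the function names and the use of a /24 (IPv4) or /48 (IPv6) prefix as a stand-in for geolocation are all assumptions.

```python
import ipaddress
import re
import sqlite3

# Constructed sample lines in an assumed format (not from a real mail server).
SAMPLE_LOG = """\
2017-12-19T09:00:01 login ok user=alice ip=192.0.2.10 client=Thunderbird
2017-12-19T09:30:12 login ok user=alice ip=192.0.2.44 client=Thunderbird
2017-12-19T10:02:40 login ok user=bob ip=198.51.100.7 client=iOS-Mail
2017-12-19T11:15:03 login ok user=alice ip=203.0.113.99 client=curl
2017-12-19T11:17:45 login ok user=bob ip=not-an-ip client=iOS-Mail
2017-12-19T11:20:00 login ok user=bob ip=198.51.100.7 client=iOS-Mail
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login ok user=(?P<user>\S+) ip=(?P<ip>\S+) client=(?P<client>\S+)$")

def network_of(ip):
    """Coarse location stand-in; a GeoIP lookup would replace this (assumption)."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS seen (
        user TEXT, net TEXT, client TEXT, first_seen TEXT,
        PRIMARY KEY (user, net, client))""")
    return db

def process(db, log_text):
    """Record successful logins; return alerts for logins outside a user's history."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a successful-login line
        try:
            net = network_of(m["ip"])
        except ValueError:
            continue  # malformed address: skip rather than poison the baseline
        user, client = m["user"], m["client"]
        known = db.execute(
            "SELECT net, client FROM seen WHERE user = ?", (user,)).fetchall()
        new_net = net not in {n for n, _ in known}
        new_client = client not in {c for _, c in known}
        # A user's first login only builds the baseline and is not alerted on.
        if known and (new_net or new_client):
            reasons = [r for r, hit in (("new network", new_net),
                                        ("new client", new_client)) if hit]
            alerts.append((m["ts"], user, m["ip"], client, reasons))
        db.execute("INSERT OR IGNORE INTO seen VALUES (?, ?, ?, ?)",
                   (user, net, client, m["ts"]))
    db.commit()
    return alerts
```

Passing a file path to `open_db` keeps the per-user history across runs, so the same function can be fed new log lines incrementally.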
