Hi Dave.
A feature that I would like to request is an alert when a specific user logs on. For example, fire an alert if user 'root' logs in.
Thank you!
Paul
Feature request
Re: Feature request
Hi Paul,
Happy New Year!
I guess you mean user logs into a node you're monitoring (not logging into the FreeNATS interface)?
If that is the case (node login) then probably not. There are a couple of ways it could be technically accomplished; a log scan, a login script updating a tmp file, a continuous process monitoring connections etc but none of these would be all that reliable, portable or integrate easily into FreeNATS.
To trap "normal" login events (i.e. users opening proper sessions as root - authorised or not!) then there are a number of tools available - as a first thought I'd consider a script built around logwatch that ran pretty often. Obviously if you want to catch more nefarious l33t h4ck3r5 then you need something a bit more heavyweight that monitors processes etc.
Sorry I can't be any more help.
Cheers,
Dave.
Happy New Year!
I guess you mean user logs into a node you're monitoring (not logging into the FreeNATS interface)?
If that is the case (node login) then probably not. There are a couple of ways it could be technically accomplished; a log scan, a login script updating a tmp file, a continuous process monitoring connections etc but none of these would be all that reliable, portable or integrate easily into FreeNATS.
To trap "normal" login events (i.e. users opening proper sessions as root - authorised or not!) then there are a number of tools available - as a first thought I'd consider a script built around logwatch that ran pretty often. Obviously if you want to catch more nefarious l33t h4ck3r5 then you need something a bit more heavyweight that monitors processes etc.
Sorry I can't be any more help.
Cheers,
Dave.