Page 1 of 1

Feature request

Posted: Mon Jan 05, 2009 9:19 pm
by paullanders
Hi Dave.

A feature that I would like to request is an alert when a specific user logs on. For example, fire an alert if user 'root' logs in.

Thank you!

Paul

Re: Feature request

Posted: Mon Jan 05, 2009 10:11 pm
by dave
Hi Paul,

Happy New Year!

I guess you mean user logs into a node you're monitoring (not logging into the FreeNATS interface)?

If that is the case (node login) then probably not. There are a couple of ways it could be technically accomplished; a log scan, a login script updating a tmp file, a continuous process monitoring connections etc but none of these would be all that reliable, portable or integrate easily into FreeNATS.

To trap "normal" login events (i.e. users opening proper sessions as root - authorised or not!) then there are a number of tools available - as a first thought I'd consider a script built around logwatch that ran pretty often. Obviously if you want to catch more nefarious l33t h4ck3r5 then you need something a bit more heavyweight that monitors processes etc.

Sorry I can't be any more help.

Cheers,

Dave.