[Xymon] SSH - Make Red if ACTIVE

Axel Beckert beckert at phys.ethz.ch
Fri Aug 5 15:21:29 CEST 2016


Hi,

On Thu, Jul 21, 2016 at 01:10:18PM -0800, John Thurston wrote:
> On 7/21/2016 7:58 AM, FreeSoftwareServers wrote:
> >I want XYMon to go RED if SSH is ENABLED
> 
> 0.0.0.0  foo.bar.com  # !ssh

That's for the remote test.

If you want a "local" test, i.e. one that's based on data sent by the
client, you can put lines like the following into your analysis.cfg:

HOST=foo.bar.com
    PORT STATE=LISTEN "LOCAL=%^(0\.0\.0\.0|::)[.:](22|1022|2200|2222)$" MAX=0 "TRACK=Unwanted SSH server"

(We use that to get informed if some user starts a web server on
typical ports like 8000 or 8080 on managed Linux workstations.)

		Kind regards, Axel Beckert
-- 
Axel Beckert <beckert at phys.ethz.ch>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/
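
Added example, not part of the original message and not Xymon's own code: a Python approximation of how the PORT rule above would evaluate `netstat -ant` output, showing that the LOCAL pattern only catches listeners bound to the wildcard addresses (0.0.0.0 or ::) on the four listed ports. The netstat sample is constructed, and the column parsing, function names and the red/green result are assumptions made for illustration.

```python
import re

# LOCAL pattern copied from the PORT rule in the message
# (the leading "%" in analysis.cfg marks the value as a regular expression).
LOCAL_RE = re.compile(r"^(0\.0\.0\.0|::)[.:](22|1022|2200|2222)$")
MAX_ALLOWED = 0  # MAX=0 in the rule: any matching socket is one too many

# Constructed sample of Linux "netstat -ant" output, not taken from a real host.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2222          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:220             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:50412      ESTABLISHED
tcp6       0      0 :::2200                 :::*                    LISTEN
"""

def matching_listeners(netstat_text):
    """Return local addresses that satisfy STATE=LISTEN and the LOCAL regex."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Assumed column layout: proto recv-q send-q local foreign state
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, state = fields[3], fields[5]
        if state == "LISTEN" and LOCAL_RE.search(local):
            hits.append(local)
    return hits

def rule_color(netstat_text):
    """Alert when the match count exceeds MAX (red assumed as the alert colour)."""
    count = len(matching_listeners(netstat_text))
    return "red" if count > MAX_ALLOWED else "green"

if __name__ == "__main__":
    print(matching_listeners(SAMPLE_NETSTAT), rule_color(SAMPLE_NETSTAT))
```

In the sample, the listeners on 127.0.0.1:2222 and 192.0.2.10:22 do not match, so a server bound to a specific address needs a broader LOCAL pattern to be counted.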


