[Xymon] Log/file monitoring based on occurrence?

Mike Burger mburger at bubbanfriends.org
Thu Jan 10 15:25:45 CET 2013


> On 11/01/13 00:19, Mike Burger wrote:
>> That's what I figured, after having looked at the analysis.cfg man page
>> multiple times.
>>
>> If I want to do this, then, I'm going to have to script something to
>> analyze X amount of time and do something if it sees occurrences>=Y and
>> then feed that to Xymon somehow.
>>
>> Thanks.
> You might be able to use something like fail2ban, and configure it to
> simply add some text to a logfile instead of adding an iptables entry....
> Then let xymon monitor this fail2ban logfile....
>
> Possibly overkill, but just thought I'd mention it... better to re-use
> something that already exists...

At home, I use DenyHosts to do something similar on my publicly connected
systems.

At work, I've got two issues preventing this:

A) No iptables in use on the internally networked Linux systems.
B) The system where I'm looking to implement this approach is an AIX
system, so there's no iptables or any other onboard firewall.

The real reason we're looking at this, at all, is for security auditing
purposes. We can't keep an active eye on failed logins, all day, so we're
looking for something that can be used to alert us if an arbitrary number
of failed logins occurs within an arbitrary amount of time, based on the
audit logger's stream.
-- 
Mike Burger
http://www.bubbanfriends.org

"It's always suicide-mission this, save-the-planet that. No one ever just
stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
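
The approach discussed in this message (count failed logins inside a time window and hand the result to Xymon) can be sketched as follows. This is an added example, not part of the original post. The log line layout, the host name `aix01.example.com`, the test name `logins` and the thresholds are assumptions made for illustration.

```python
from collections import deque

# Constructed sample lines in the form "<epoch seconds> <event> <user>". This layout
# is an assumption for the example, not the AIX audit logger's real record format.
SAMPLE = """\
1357827000 LOGIN_FAIL root
1357827010 LOGIN_OK mburger
1357827030 LOGIN_FAIL root
1357827050 LOGIN_FAIL admin
garbage line
1357827055 LOGIN_FAIL root
1357827200 LOGIN_FAIL root
"""

def parse(lines):
    """Yield (timestamp, user) for failed-login records, skipping malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit() and parts[1] == "LOGIN_FAIL":
            yield int(parts[0]), parts[2]

def peak_failures(events, window):
    """Return (highest count seen inside any `window`-second span, time it was reached)."""
    recent, peak, peak_at = deque(), 0, None
    for ts, _user in sorted(events):
        recent.append(ts)
        while recent and ts - recent[0] >= window:
            recent.popleft()  # drop failures that have aged out of the window
        if len(recent) > peak:
            peak, peak_at = len(recent), ts
    return peak, peak_at

def xymon_status(host, test, lines, window, yellow, red):
    """Build a Xymon 'status' message whose colour reflects the peak failure count."""
    peak, peak_at = peak_failures(parse(lines), window)
    color = "red" if peak >= red else "yellow" if peak >= yellow else "green"
    # Xymon status messages write the dots in a host name as commas.
    header = f"status {host.replace('.', ',')}.{test} {color}"
    return f"{header} {peak} failed logins within {window}s (peak at epoch {peak_at})\n"

if __name__ == "__main__":
    print(xymon_status("aix01.example.com", "logins", SAMPLE.splitlines(), 60, 3, 5))
```

The returned string is what a client-side extension script would pass to the `xymon` client command to update the column on the Xymon server.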




