[Xymon] Tracking foreign ssh connections with PORT
Henrik Størner
henrik at hswn.dk
Tue Jan 3 11:18:38 CET 2017
Den 03-01-2017 11:15, Alessandro Tinivelli skrev:
> Hi all, I was
trying to setup an alert when a server has established SSH connections
with a "foreign" remote IP (i.e. not beginning with 192.168).
HOST=host01
>
> PORT "LOCAL=%([.:]22)$" "REMOTE=%^(?!(192.168)).+"
state=ESTABLISHED MAX=0 COLOR=red TRACK=SSH_fconn "TEXT=SSH foreign
connections"
Neat, I like that :-)
Regards,
Henrik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170103/2ce403b3/attachment.html>
More information about the Xymon
mailing list