On Mar 05 09:34, Matthew Macdonald-Wallace wrote: > Hi All, > > Before I start coding my own plugin to do this, does anyone know of a > plugin that monitors the number of external connection attempts over a > given period of time for a given service and sends alerts accordingly? > > I've noticed on a number of servers that we maintain recently that > there are unauthorised attempts to connect via SSH/FTP. These appear > in the log files about 2 seconds apart and are obviously automated. > > We've got Logcheck in place which alerts us to this kind of thing > already, however I like the idea of a nice visual/audible alert (we all > use the nagios-plugin for firefox here).
Since you already have an investment in Logcheck, you could feed those events directly to Nagios using NSCA. There's an example configuration outlined in this document: https://www2.sans.org/reading_room/whitepapers/logging/198.php If you're looking for something more real-time, you might consider dropping Logcheck in favor of swatch/SEC. Cheers, -tt -- Tom Throckmorton OIT - CSI Duke University ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null