Is it possible to monitor the success of authenticated SSH to a linux box using net_connect?
Is there any other method to monitor SSH Authentication Success with DX UIM?
Guidance
Below is a simplified example:
1. Engage your linux administrator for specific monitoring needs. In the example below, the following command checks if the ssh session connects with a certain username and password if executed locally at the server:
sshpass -p 'Password' ssh -o StrictHostKeyChecking=no root@hostname "uptime"
Example of positive (connected correctly) output:
08:28:17 up 101 days, 17:46, 1 user, load average: 0.21, 0.18, 0.18
2. Once you have verified that the command returns the correct value for established sshpass with the username and password you can use that command in logmon probe deployed on the same robot.
Create a command profile and use the command:
Create a watcher. In this case we'll select the entire output with the match expression .* for testing:
After the first cycle, the logmon will capture the entire output in an alarm.
Note: This is just a basic example on how to capture the output of sshpass output. It is possible to create comparison thresholds based on variables or on more specific watcher regex matching.