Hi i was wondering if someone could shed some light on what im trynig to do. Currently i have SSH alert
but i was reading a few forums to add this
but could not get it working any ideas?
thank you
Code:
{SSH Auth:log[/var/log/auth.log,"^.*sshd.*(Accepted|closed).*"].str(Accepted,#1)}=1
Code:
.nodata(10)}=0
thank you