Hi, I'm trying to monitor non-root user sudo attempts on my Kali Linux through the /var/log/auth.log file, but I'm having trouble setting up the item and trigger:
I followed this blog: https://blog.zabbix.com/security-rel...h-zabbix/8659/
I've created the master item and dependent item just like the blog, except the key in the master item is log["var/log/auth.log"],
and the trigger is almost the same:
Name: Sudo attempt without permissions {{ITEM.VALUE}.regsub("sudo: (.+) :", user: \1)} {{ITEM.VALUE}.regsub("COMMAND=(.+)", command: \1)}
Expression: {kali:sudo.fail.str()}=1
It was created successfully, but there is an error in the Info section with a red "!" icon that says: Cannot evaluate expression: "Cannot evaluate function "kali:log["var/log/auth.log"].logsource()": item is not supported.".
Can you help me solve this problem?
Thank you!
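To make it easier to see what the log item and trigger in the question are supposed to match, here is an added Python example (not code from the post, the linked blog, or Zabbix) that applies the same two patterns the trigger name uses (the "sudo: (.+) :" user capture and the "COMMAND=(.+)" command capture) to constructed auth.log lines and keeps only the denied attempts. It assumes the standard Debian/Kali sudo log format, the absolute path /var/log/auth.log, and two assumed failure markers ("user NOT in sudoers" and "incorrect password attempt"); the user pattern is tightened slightly so the captured name does not carry sudo's padding spaces.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample auth.log lines in syslog format (not real log data, not from the post).
SAMPLE_AUTH_LOG = [
    "Jan 10 12:00:01 kali sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow",
    "Jan 10 12:00:05 kali sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update",
    "Jan 10 12:00:09 kali sshd[1234]: Accepted publickey for bob from 192.0.2.10 port 51234 ssh2",
    "Jan 10 12:01:00 kali sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/id",
]

# Same idea as the regsub() macros in the trigger name, with \s+ / \S+ so the
# captured user name has no leading spaces.
USER_RE = re.compile(r"sudo:\s+(\S+) :")
COMMAND_RE = re.compile(r"COMMAND=(.+)$")

# Assumed substrings sudo writes for the two common denial cases.
FAILURE_MARKERS = {
    "user NOT in sudoers": "not_in_sudoers",
    "incorrect password attempt": "bad_password",
}


@dataclass
class SudoEvent:
    user: str
    command: str
    failure: Optional[str]  # None when sudo allowed the command


def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    """Return a SudoEvent for a sudo log line, or None for lines from other daemons."""
    user_match = USER_RE.search(line)
    if not user_match:
        return None
    command_match = COMMAND_RE.search(line)
    command = command_match.group(1).strip() if command_match else ""
    failure = next((tag for marker, tag in FAILURE_MARKERS.items() if marker in line), None)
    return SudoEvent(user=user_match.group(1), command=command, failure=failure)


def failed_sudo_attempts(lines: Iterable[str]) -> List[SudoEvent]:
    """Keep only denied attempts; these are the lines the dependent item / trigger should fire on."""
    events = (parse_sudo_line(line) for line in lines)
    return [event for event in events if event is not None and event.failure is not None]


def failed_sudo_attempts_from_file(path: str = "/var/log/auth.log") -> List[SudoEvent]:
    """Read the real log (absolute path) and return its denied sudo attempts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return failed_sudo_attempts(fh)


if __name__ == "__main__":
    for event in failed_sudo_attempts(SAMPLE_AUTH_LOG):
        print(f"{event.failure}: user={event.user} command={event.command}")
```

Running it on the sample lines reports alice (not in sudoers) and carol (wrong password) and ignores bob's permitted command and the sshd line, which is the set of events a "sudo attempt without permissions" trigger is meant to capture.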