Monitor SSH Connections using Zabbix

deepak.sharma

Junior Member

Joined: Apr 2014

Posts: 14
#1

Monitor SSH Connections using Zabbix

05-09-2014, 11:07

Hey Friends, Is there nay one who can help me out from the following situation.

I want to monitor the ssh connections made to any remote machine using Zabbix.

Zabbix Server ----------------> Remote Machine <--------------User

Any User who tries to ssh to Remote Machine can be logged and viewed in Zabbix.
Items to be monitored like, User IP Address, Username (on Machine on which User tries to access), SSH Port (used by User), etc.

Thanks in advance. Eagerly wating for the reply.
Tags: None
enzorik

Member

Joined: Feb 2014

Posts: 37
#2

14-09-2014, 12:48

Hello,
you can define few items for remote ssh connections:
Type: Zabbix Agent (Active)
Items:

Code:

log[/var/log/auth.log,"Accepted password",,100] for successful user connection log[/var/log/auth.log,"authentication failure",,100] for authentication failures

Don't forget grant zabbix user read permissions to /var/log/auth.log

As result you'll receive:
"Accepted password for root from 192.168.1.41 port 52615 ssh2" -success
"pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.40 user=root" - failure

Last edited by enzorik; 14-09-2014, 12:52.
Comment

Ad Widget