/plugins/ssh/sshd_log - Munin contributed plugins - Koumbit's Redmine

Télécharger au format

root / plugins / ssh / sshd_log @ c0568802

Historique | Voir | Annoter | Télécharger (2,25 ko)

       #!/bin/sh
+      #
       # Plugin to monitor auth.log for sshd server events.
+      #
       # Require read permitions for $LOG
       #  (set in /etc/munin/plugin-conf.d/munin-node on debian)
       # On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate
+      #
       # $Log$
       # Revision 1.2  2010/03/19 15:03:00  pmoranga
       # Revision 1.1  2009/04/26 23:28:00  ckujau
       # Revision 1.0  2009/04/22 22:00:00  zlati
       # Initial revision
+      #
       # Parameters:
+      #
       #       config   (required)
       #       autoconf (optional - used by munin-config)
+      #
       # Magick markers (optional):
       #%# family=auto
       #%# capabilities=autoconf
       # config example for /etc/munin/plugin-conf.d/munin-node
       #[sshd_log]
       #user root
       #group root
       #env.logfile /var/log/messages
       #env.category users
+      #
       LOG=${logfile:-/var/log/secure}
       CATEGORY=${category:-system}
       if [ "$1" = "autoconf" ]; then
               if [ -r "$LOG" ]; then
                       echo yes
                       exit 0
               else
                       echo no
                       exit 1
               fi
       fi
       if [ "$1" = "config" ]; then
               echo 'graph_title SSHD login stats from' $LOG
               echo 'graph_args --base 1000 -l 0'
               echo 'graph_vlabel logins'
               echo 'graph_category' $CATEGORY
               echo 'LogPass.label Successful password logins'
               echo 'LogPassPAM.label Successful login via PAM'
               echo 'LogKey.label Successful PublicKey logins'
               echo 'NoID.label No identification from user'
               echo 'rootAttempt.label Root login attempts'
               echo 'InvUsr.label Invalid user login attepmts'
               echo 'NoRDNS.label No reverse DNS for peer'
               echo 'Breakin.label Potential Breakin Attempts'
               exit 0
       fi
       awk 'BEGIN{c["LogPass"]=0;c["LogKey"]=0;c["NoID"]=0;c["rootAttempt"]=0;c["InvUsr"]=0;c["LogPassPAM"]=0;c["Breakin"]=0;c["NoRDNS"]=0; }
            /sshd\[.*Accepted password for/{c["LogPass"]++}
            /sshd\[.*Accepted publickey for/{c["LogKey"]++}
            /sshd\[.*Did not receive identification string/{c["NoID"]++}
            /sshd\[.*Failed password for root/{c["rootAttempt"]++}
            /sshd\[.*Invalid user/{c["InvUsr"]++}
            /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++}
            /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++}
            /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}a
            END{for(i in c){print i".value " c[i]} }' < $LOG

Projet

Général

Profil

Munin contributed plugins

root / plugins / ssh / sshd_log @ c0568802