
SSH and RDP Login Notifications

A feature that would be really great to have available as part of Basic Server Monitoring, as part of the Agent itself, would be a capacity to monitor logins on various protocols (very similar to the functionality that LFD already provides):

docs.danami.com/juggernaut/user-guide/login-failure-daemon

On a Linux server I have, which has been hardened and had things added to it like LFD above, it's nice when LFD sends me a quick email letting me know that someone has logged in via SSH into the server (since we have so few people logging in, it's generally either myself or a colleague but not many others so it's a good security indicator). The other nice thing about LFD is its ability to block IPs after so many login attempts.

By the same token, RDP itself on Windows Servers doesn't seem to have the same protections (there are some 3rd party products out there that can be added onto a Windows Server, but I don't believe there's currently an easy built-in way to receive email notifications on RDP logins, or to easily block IP addresses after a few bad login attempts).

Since we have to install Site24x7's Agent on our servers anyway, it would be wonderful if there were some of these capabilities added to the agent itself for us to be able to turn on for our servers easily if we want to be notified in these situations.

First, adding notifications for these events would be a great start, but to lean into the existing "IT Automation" features available in Site24x7, it would be nice to see extra features that are automatically protecting us (auto blocking IP addresses after bad login attempts) added in over time as well. For me, that seems like it would be a useful addition for many.

Like (2) Reply
Replies (1)

For Windows you could do this now: just set up a Windows Event Log check and monitor for Event ID 21 (Microsoft-Windows-TerminalServices-LocalSessionManager/Operational).

Pretty sure you'd be able to do something similar for Linux Syslogs checks. 

Each time the log is triggered, you would receive a trouble alert :)

Like (0) Reply
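The SSH side of what this thread describes (a notification for each successful login, plus a flag once an address reaches a failed-attempt threshold), sketched as an added example that is not part of the original posts and is not LFD or Site24x7 code. The log lines are constructed in the OpenSSH sshd syslog format, and the `scan` function and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the OpenSSH sshd syslog format (not real data).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  4 09:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  4 09:12:04 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  4 09:12:09 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  4 09:15:40 web01 sshd[2302]: Failed password for alice from 198.51.100.23 port 41000 ssh2
Mar  4 09:15:52 web01 sshd[2302]: Accepted password for alice from 198.51.100.23 port 41000 ssh2
Mar  4 10:03:17 web01 sshd[2950]: Accepted publickey for bob from 192.0.2.10 port 55210 ssh2: RSA SHA256:CONSTRUCTED
Mar  4 10:05:00 web01 CRON[3001]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# The user field is matched greedily and the pattern is anchored at the end of
# the line, so the address is read from the part sshd itself writes last and
# not from anything inside the client-supplied username.
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$")

def scan(log_text, max_failures=3):
    """Return (logins, offenders): successful logins to notify on, and source
    addresses with at least max_failures failed attempts."""
    logins, failures = [], Counter()
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue  # not an sshd authentication result line
        if m["result"] == "Accepted":
            logins.append((m["user"], m["ip"], m["method"]))
        else:
            failures[m["ip"]] += 1
    offenders = sorted(ip for ip, n in failures.items() if n >= max_failures)
    return logins, offenders

if __name__ == "__main__":
    logins, offenders = scan(SAMPLE_LOG)
    for user, ip, method in logins:
        print(f"NOTIFY: {user} logged in from {ip} via {method}")
    for ip in offenders:
        print(f"BLOCK CANDIDATE: {ip} reached the failed-login threshold")
```

The same two outputs map onto the request in the thread: the login list is what would drive an email or trouble alert, and the offender list is what an automated block action would consume.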
