Failed Login Alerts via emai?
Anyone know if there is a way to get failed login alerts if someone is hitting on SSH or the web gui?
The only ready to use way I know provides the package mailreport.
It can filter log files, for e.g. the system log for "authentication error" and report only lines which include the filter string.
However, it just runs as a cron job at a preset time and you get an email regardless if there was a filter match or not.
I've played around with it, trying to place a date variable in the filter so that I only get matches from the current day, but with no success.
Good to know. I'm curious how you applied the filter to the mail report. I also have mail report installed on a few firewall but my thought was it would be great to get a instant email report upon x amount of login failures. Another way to do it is with a syslog server, which I've been working on getting up and running on and off, thus far a bit of a PITA.
But from a administrators point of view this is a feature that would notify if someone is trying to break into the firewall as soon as it happens. I would think someone would have already added it.
But good to know there are no options for this so far. I'll add it to requested features.
I posted it up as a bounty