Wednesday, January 30, 2008

HowTo: Be Alerted via Popups When Monitoring Log Files

Do you need a desktop popup alert when somebody is trying to brute-force your SSH service?
How can you be alerted on your X desktop when specific words appear in specific logs?
How do you pop up an alert when a log file contains a matching phrase?

A quick entry on how to be alerted via popups in X Windows when monitoring log files, without opening a browser monitoring page, viewing graphs, viewing log files or reading email alerts.

MetaMonitor is a simple program written for KDE that watches the syslog or metalog log file and pops up a window whenever a new message arrives. You can specify the log file to watch, the popup trigger settings and the regular expressions used to parse log lines, so you can watch files other than log files too.

In other words, MetaMonitor is a Linux tool that watches specific or custom log files and pops up a window whenever a new matching alert message arrives.

Here are some key features of "MetaMonitor":

· Ability to monitor the syslog file, the metalog file or a custom file
· Ability to change the default regular expression for parsing the log line
· Ability to change the interval between single file checks
· Ability to communicate via DCOP
· Ability to configure popups (grouping, lifetime)


Metamonitor Installation

To install MetaMonitor, simply use yum.

# yum -y install metamonitor

After a successful installation, MetaMonitor appears under Application/System. You can also start the metamonitor binary by issuing

# metamonitor

Popup Alert for SSH Failed Attempts

You can use MetaMonitor to monitor your SSH log file. Say you want to be alerted for any refused SSH connections; simply follow these steps.

1. Enter a matching phrase for the specific message, like

refused

2. Specify the SSH log file, like

/var/log/secure

3. Choose any other alert trigger, message, appearance and alert theme settings.

Now, try to connect via ssh from another box to your Linux box. That box should not be authorized for any ssh connections.
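
To see what the phrase from step 1 will and will not match before relying on the popup, here is an added example (not MetaMonitor's own code and not from the original post) that applies the same phrase matching to sshd lines and groups the hits per source address. The sample lines are constructed, and the "refused connect from" message format assumes the refusal is logged by TCP wrappers; note that the phrase "refused" alone does not match "Failed password" lines.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format written to /var/log/secure.
SAMPLE_LOG = """\
Jan 30 10:15:01 host1 sshd[2101]: refused connect from 192.0.2.10 (192.0.2.10)
Jan 30 10:15:03 host1 sshd[2102]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 30 10:15:04 host1 sshd[2103]: refused connect from 192.0.2.10 (192.0.2.10)
Jan 30 10:15:09 host1 sshd[2104]: Accepted password for alice from 203.0.113.5 port 51000 ssh2
Jan 30 10:15:12 host1 sshd[2105]: Failed password for root from 198.51.100.7 port 40023 ssh2
"""

# Splits a syslog line into timestamp, host, program and message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Pulls the IPv4 source address out of the sshd message text.
IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def match_alerts(log_text, phrase, program="sshd"):
    """Return (timestamp, source_ip, message) for lines whose message matches phrase."""
    wanted = re.compile(phrase, re.IGNORECASE)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("prog") != program:
            continue  # unparseable line or a different daemon
        if wanted.search(m.group("msg")):
            ip = IP_RE.search(m.group("msg"))
            alerts.append((m.group("ts"), ip.group(1) if ip else None, m.group("msg")))
    return alerts


def group_by_source(alerts):
    """Collapse alerts into one count per source address (one alert per source)."""
    return Counter(ip for _, ip, _ in alerts)


if __name__ == "__main__":
    # Compare the phrase from step 1 with a broader pattern.
    for phrase in ("refused", r"refused|Failed password"):
        for ip, n in group_by_source(match_alerts(SAMPLE_LOG, phrase)).items():
            print(f"[{phrase}] {n} matching line(s) from {ip}")
```
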

That's all.
PopUp Screenshot

Sample MetaMonitor Option ScreenShot

More Screenshot


Enjoy.
