Xymon Mailing List Archive

SSH - Make Red if ACTIVE

Axel Beckert
Fri, 5 Aug 2016 15:21:29 +0200
Message-Id: <user-7e72f6917cb0@xymon.invalid>

Hi,

On Thu, Jul 21, 2016 at 01:10:18PM -0800, John Thurston wrote:
> On 7/21/2016 7:58 AM, FreeSoftwareServers wrote:
> > I want XYMon to go RED if SSH is ENABLED
>
> 0.0.0.0  foo.bar.com  # !ssh

That's for the remote test.

If you want a "local" test, i.e. one that's based on data sent by the
client, you can put lines like the following into your analysis.cfg:

HOST=foo.bar.com
    PORT STATE=LISTEN "LOCAL=%^(0\.0\.0\.0|::)[.:](22|1022|2200|2222)$" MAX=0 "TRACK=Unwanted SSH server"

(We use that to get informed if some user starts a web server on
typical ports like 8000 or 8080 on managed Linux workstations.)

		Kind regards, Axel Beckert
-- 
Axel Beckert <user-96d9963fe797@xymon.invalid>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/
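
The following is an added example, not part of the original message and not Xymon code: it applies the LOCAL= pattern from the rule above to constructed `netstat -ant`-style lines, showing which listeners count against MAX=0 and which SSH-port listeners (bound to a specific address) the pattern does not cover. The column layout and the simplified rule evaluation are assumptions.

```python
import re

# Pattern copied from the analysis.cfg rule above, without Xymon's leading "%"
# (which marks the value as a regular expression).
LOCAL_RE = re.compile(r"^(0\.0\.0\.0|::)[.:](22|1022|2200|2222)$")
WATCHED_PORTS = {"22", "1022", "2200", "2222"}
MAX_ALLOWED = 0  # MAX=0 in the rule

# Constructed sample in Linux "netstat -ant" layout (not real client data).
SAMPLE_PORTS = """\
tcp   0  0 0.0.0.0:22      0.0.0.0:*           LISTEN
tcp   0  0 127.0.0.1:2222  0.0.0.0:*           LISTEN
tcp   0  0 192.0.2.10:22   0.0.0.0:*           LISTEN
tcp6  0  0 :::2200         :::*                LISTEN
tcp   0  0 0.0.0.0:8022    0.0.0.0:*           LISTEN
tcp   0  0 192.0.2.10:22   198.51.100.7:51514  ESTABLISHED
"""


def listeners(ports_text):
    """Yield the local-address column of every line in state LISTEN."""
    for line in ports_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "LISTEN":
            yield fields[3]


def matching_listeners(ports_text):
    """Local addresses that satisfy both STATE=LISTEN and the LOCAL pattern."""
    return [addr for addr in listeners(ports_text) if LOCAL_RE.search(addr)]


def uncovered_listeners(ports_text):
    """Listeners on a watched port that the wildcard-only pattern skips."""
    return [addr for addr in listeners(ports_text)
            if addr.rsplit(":", 1)[-1] in WATCHED_PORTS
            and not LOCAL_RE.search(addr)]


def rule_fires(ports_text):
    """True when the number of matches exceeds MAX."""
    return len(matching_listeners(ports_text)) > MAX_ALLOWED


if __name__ == "__main__":
    print("counted by rule:", matching_listeners(SAMPLE_PORTS))
    print("not counted:    ", uncovered_listeners(SAMPLE_PORTS))
    print("rule fires:     ", rule_fires(SAMPLE_PORTS))
```
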