Xymon Mailing List Archive search

Alert for WHO column possible?

list Steven Carr
Tue, 21 Jul 2020 11:37:26 +0100
Message-Id: <CALMep05s7ncZ=user-ce7eef62d161@xymon.invalid>

I have a script that runs on the server side, checking the clientlog
information for logins, currently this is set to alert when root is
detected, but could easily be modded to negate and look for another
user...

<code>
#!/bin/bash

HOSTTAG=who
COLUMN=$HOSTTAG

$XYMONHOME/bin/xymongrep $HOSTTAG | while read L
do
    set $L

    HOSTIP="$1"
    MACHINEDOTS="$2"

    WHO=`$XYMON $XYMSRV "clientlog $MACHINEDOTS section=who"`

    if echo "$WHO" | grep "^root" >/dev/null; then
        MSG="status $MACHINEDOTS.$COLUMN red root logins detected"
    else
        MSG="status $MACHINEDOTS.$COLUMN green no root logins detected"
    fi
    $XYMON $XYMSRV "$MSG
$WHO"
done

exit 0
</code>