possible to test against "who"?
for *nixoide systems you can get the info from the clientlog and generate a status from that
xymon localhost "clientlog youhost.example.com section=who"
Or using xymonq :
xymonq -H yourhost.example.com -q clientlog -s who
and grep your way through that output.
The elegant implementation would be a channel listener. xymond_channel(8) should give some hint on that.
HTH
Thomas
On Nov 9, 2017 17:22, "Rothlisberger, John R." wrote:
Is anyone doing any tests against the “who” test?
I would possibly like to alert if root (linux) or administrator (windows) is logged into a server.
I have never seen this done before nor do I find anything in the docs for analysis.cfg. With today’s heightened security awareness this may be something others would be interested in also.
Thanks,
John
Upcoming PTO:
_____________________________________________________________________
John Rothlisberger
IT Strategy, Infrastructure & Security - Technology Growth Platform
TGP for Business Process Outsourcing
Accenture
XXX.XXX.XXXX office
_____________________________________________________________________
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________
www.accenture.com