Tracking foreign ssh connections with PORT

list Henrik Størner
Tue, 03 Jan 2017 11:18:38 +0100
Message-Id: <user-b58033a78086@xymon.invalid>

 
Den 03-01-2017 11:15, Alessandro Tinivelli skrev:

Hi all, I was
trying to setup an alert when a server has established SSH connections
with a "foreign" remote IP (i.e. not beginning with 192.168).

HOST=host01

PORT "LOCAL=%([.:]22)$" "REMOTE=%^(?!(192.168)).+"
state=ESTABLISHED MAX=0 COLOR=red TRACK=SSH_fconn "TEXT=SSH foreign
connections"

Neat, I like that :-) 
Regards,
Henrik