[kwlug-disc] cron job, alert

John Van Ostrand john at netdirect.ca
Wed Dec 29 21:51:45 EST 2010


----- Original Message -----
> How would I set up an email alert to go off every time someone logs on
> to my server, or a specific user logs on?
> 
> My webserver got hacked and until I can get it cleaned up I'd like
> notification if someone logs on. (looks like they brute forced my
> password, though I'm a bit surprised they can do that).

If the login you need to monitor is recorded by syslog you can configure syslog to mirror logs to a program. Then run the program in the background to look for the log. This will give you real-time response to the event.

I could give you configs but I don't know which logger Mandriva is using.

Normally how this works is that you create a pipe (mkfifo /var/run/syslog-watch) and configure syslog to write to that pipe.

Then write a script (perl perhaps) to read from the fifo and look for the log line that interests you.

We do this for specialized applications that need to react to log lines. It's less CPU intense because the program blocks on reads rather than having to poll a log file over and over and over.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 
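
The FIFO reader described in the message above, as an added example (not code from the original post or from Net Direct), written in Python rather than Perl. It assumes OpenSSH's "Accepted ... for ... from ..." log format, a local MTA on localhost, and that syslog has been configured to write auth messages to the FIFO; the mail addresses and the WATCH_USERS setting are placeholders.

```python
# Added example: read syslog lines from a FIFO and mail on successful SSH logins.
# Assumes syslog writes auth messages to the FIFO, e.g. in sysklogd/rsyslog
# syntax:  authpriv.*  |/var/run/syslog-watch
import re
import smtplib
import sys
from email.message import EmailMessage

FIFO = "/var/run/syslog-watch"   # path from the post; create it with mkfifo
WATCH_USERS = set()              # empty set = alert on any user (assumption)
MAIL_FROM, MAIL_TO = "syslog-watch@example.com", "admin@example.com"  # placeholders

# [^\[]* pins the match to the first "sshd[pid]:" tag, so a failed login whose
# user name contains "sshd[1]: Accepted ..." cannot forge an alert.
ACCEPTED = re.compile(
    r"^[^\[]*\bsshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

# Constructed sample lines: one real login, one failed login with a forged name.
SAMPLE = [
    "Dec 29 21:40:01 web sshd[2211]: Accepted password for alice from 203.0.113.7 port 51514 ssh2",
    "Dec 29 21:41:00 web sshd[2212]: Failed password for invalid user x sshd[1]: Accepted password for root from 198.51.100.9 port 1 from 203.0.113.7 port 51600 ssh2",
]

def parse_login(line):
    """Return {'method', 'user', 'ip'} for a successful sshd login, else None."""
    m = ACCEPTED.match(line)
    return m.groupdict() if m else None

def alerts(lines, watch_users=WATCH_USERS):
    """Yield one EmailMessage per login line that should raise an alert."""
    for line in lines:
        login = parse_login(line)
        if login and (not watch_users or login["user"] in watch_users):
            msg = EmailMessage()
            msg["Subject"] = "Login: {user} from {ip} ({method})".format(**login)
            msg["From"], msg["To"] = MAIL_FROM, MAIL_TO
            msg.set_content(line.strip() + "\n")
            yield msg

def watch(fifo=FIFO):
    while True:  # reopen after syslog closes its end (e.g. on restart)
        with open(fifo, errors="replace") as f:
            for msg in alerts(f):  # blocks in read() until syslog writes
                with smtplib.SMTP("localhost") as smtp:  # assumes a local MTA
                    smtp.send_message(msg)

if __name__ == "__main__":  # with a FIFO path: watch it; without: demo on SAMPLE
    watch(sys.argv[1]) if len(sys.argv) > 1 else print([m["Subject"] for m in alerts(SAMPLE)])
```

Run it with the FIFO path as its only argument once syslog is writing to the pipe; with no argument it only prints the alert subjects for the constructed sample lines.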
