The Linux/SSH Login Event Monitor runs "lastlog" on systems that support it and alerts based on user security events. This tutorial will teach you how to set up a Linux Login Monitor and begin monitoring these values.

First, choose a level of alert to receive if the SSH server cannot be reached.

Connection Settings

You can also choose to receive an alert if a user logs in.

User Login Settings

If a new user is detected, the next option will send you an alert of your choice.

User Addition Settings

The next option will alert you if a user is removed.

User Removal Settings

Under "Monitoring Options", you can choose whether or not to include a list of users in each notification. You can also input a specific list of users to alert about or specify users to ignore.

Monitoring Options

Under "Connection Options", specify the port number and timeout that will be used.

Connection Options

This tutorial taught you how to set up a Linux/SSH Login Event Monitor. More Linux event monitor tutorials are on the Features page, which we update regularly. For more documentation on this event monitor, click here to visit its Technical Resources page.

More IT Monitoring Features