Friday, February 5, 2016

Script Monitor SSH

This script monitors SSH sessions by grepping the SSH login log for specific words.

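#!/bin/bash
# Seed the report with the login events already recorded in /var/log/secure.
grep -E '(Accepted password|session opened for)' /var/log/secure > /var/log/monitor-ssh.log
# Follow the log (-F survives rotation; -n 0 skips lines that are already in the report).
tail -n 0 -F /var/log/secure | grep -E --line-buffered '(Accepted password|session opened for)' | while IFS= read -r line
do
    # Append the new event so the mailed report includes it, then send the report.
    printf '%s\n' "$line" >> /var/log/monitor-ssh.log
    mail -s "User Logged In - ServerName" ken.vannakk@gmail.com < /var/log/monitor-ssh.log
done
# ------------------------------------------------ End Of Script ----------------------------------------------------#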

Copy the content above into a file and set it up in crond.

Note: Run this script only once and leave the process running so that it keeps monitoring.
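
An added example (not part of the original script) that runs the script's grep pattern beside a stricter sshd-only filter over constructed sample lines: the original pattern also matches the crond session line and misses the public-key login. The function names, host name, users and addresses are made up for illustration, and the traditional syslog timestamp layout is assumed.

```bash
#!/bin/bash
# Added example: compare the page's pattern with an sshd-only login filter.

# Constructed sample lines in the /var/log/secure syslog layout (not real data).
sample_log() {
cat <<'EOF'
Feb  5 10:01:02 web01 sshd[2311]: Accepted password for alice from 203.0.113.7 port 50122 ssh2
Feb  5 10:01:02 web01 sshd[2311]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Feb  5 10:02:00 web01 crond[2400]: pam_unix(crond:session): session opened for user root by (uid=0)
Feb  5 10:03:15 web01 sshd[2450]: Failed password for invalid user admin from 198.51.100.9 port 40022 ssh2
Feb  5 10:04:41 web01 sshd[2502]: Accepted publickey for bob from 192.0.2.44 port 61022 ssh2: RSA SHA256:CONSTRUCTED
EOF
}

# The pattern used by the script above, unchanged.
page_filter() {
    grep -E '(Accepted password|session opened for)'
}

# Stricter filter: the program field must be sshd[pid], any auth method is
# accepted, and the output is one short summary line per successful login.
# Anchoring on the syslog header keeps text inside the message part (for
# example a crafted user name) from being read as a separate login event.
ssh_login_summary() {
    sed -nE 's|^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} [^ ]+ sshd\[[0-9]+\]: Accepted ([a-z/-]+) for ([^ ]+) from ([^ ]+) port [0-9]+.*$|user=\2 from=\3 method=\1|p'
}

echo "Lines matched by the original pattern:"
sample_log | page_filter
echo "Successful sshd logins:"
sample_log | ssh_login_summary
```

To use the stricter filter in the monitor, replace the grep stage after `tail -F` with a call to `ssh_login_summary`; with GNU sed, add `-u` so each line is passed on as soon as it is read.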
