Answer the question
In order to leave comments, you need to log in
V
V
Valery2017-09-08 10:40:56
Valery, 2017-09-08 10:40:56
How can I monitor authorizations on Server 2008 R2?
Prompt any utility that can monitor authorizations on the 2008 R2 server, preferably those that did not pass.
I'll explain the situation. there is a server and one of these days it was hacked. Well, as they hacked, one employee somewhere blew the data for authorization. But after we logged in under it, the server was brute-forced with various logins/passwords for quite some time. Accordingly, it is displayed in the log. So, if there are any means to monitor this? For example, someone knocks on a server, authorization does not pass, a notification comes from the server to the mail, sms, but at least where?
1 answer(s)
@Sergey78
S
Sergey78, 2017-09-08 @Sergey78
I put a telegram notification on the failed login.
On a certain event in the log, a cmd script is launched, which, using curl, pulls a php script on the server that sends a notification to the telegram.
You can probably call bot-api directly from the script on the shell, but I already just have a php script that sends to telegrams, so it was easier for me to pull it.
Similar questions
O
A
M
Maxim2013-07-29 15:36:34
How to get an error code other than 200 from PHP-FPM on PHP Fatal error?
6Reply
M
marazm902021-09-22 20:12:18
Where to retrain from the dying areas of storage and storage systems?
2Reply
O
OracleX2021-09-23 09:39:36
How to bridge from Kazakhtelecom router Ebi-Focus to Mikrotik HAP AC2?
3Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question