Send an email alert when someone logs in on OPNsense (SSH or Web interface)

Started by ale, January 10, 2020, 01:53:28 PM

Hi everybody,
I'm a new OPNsense user and I've been asked to configure our OPNsense firewall/proxy to send an email whenever someone logs in to it via SSH or the web management interface.
My boss would like to know (at least):
- the username used to log in (at the moment only root is defined; in future there will be more admin user profiles)
- the IP the login comes from (to better understand suspicious activity on the LAN).
Any other useful info would be appreciated.

I've read the Monit documentation and FAQ and searched the forum, but it does not seem to trigger on logins, and as far as I know nobody in the forum has asked anything similar (correct me if I'm wrong).
Has any of you ever faced this type of request?
Probably I need to install something to monitor logins, but my knowledge of OPNsense is low, very low... so if something is already built in, it is better (for me).

Thanks in advance for your suggestions
Ale

You could do it using Monit for shell logins as described here.

https://www.elitmus.com/blog/technology/using-monit-to-get-email-alert-on-unauthorized-login/

You'd need to modify it a bit and look at the system.log I think, but it could work.

And I can think of a way of hacking the system to send an email when a user logs in via the web interface, but it would be that, a hack. You could always request it as a feature on GitHub.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Since it is logged to Syslog you could do that also from an external logging server like the ELK stack.
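
The log-watching approach suggested in the replies above, as an added example that is not part of the original posts: it pulls the username and source IP out of successful SSH and web GUI login lines and builds the alert mail. It assumes a BSD-style syslog header and OpenSSH's "Accepted ... for ... from ..." message; the web GUI message format, the sample lines and the mail addresses are assumptions or constructed values, so check them against the firewall's own log.

```python
import re
from email.message import EmailMessage

# Assumption: BSD-style syslog header ("Jan 10 13:41:15 host "). The patterns are
# anchored to it so only the daemon's own message prefix matches, not text that
# merely appears later in a line.
HEADER = r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d \S+ "
PATTERNS = [
    ("ssh", re.compile(HEADER + r"sshd\[\d+\]: Accepted (?P<method>\S+) "
                                r"for (?P<user>\S+) from (?P<ip>\S+) port \d+")),
    # Assumed web GUI message format; verify against your own log.
    ("webgui", re.compile(HEADER + r"\S+\[\d+\]: \S+: Successful login for user "
                                   r"'(?P<user>[^']*)' from: (?P<ip>[0-9A-Fa-f:.]+)")),
]

# Constructed sample lines (documentation addresses), not from a real firewall.
SAMPLE_LOG = """\
Jan 10 13:40:02 fw sshd[4121]: Failed password for root from 192.0.2.77 port 50122 ssh2
Jan 10 13:41:15 fw sshd[4121]: Accepted password for root from 192.0.2.77 port 50124 ssh2
Jan 10 13:45:09 fw opnsense[5530]: /index.php: Successful login for user 'root' from: 198.51.100.23
Jan 10 13:50:31 fw sshd[4302]: Accepted publickey for admin2 from 2001:db8::5 port 60211 ssh2
Jan 10 13:52:00 fw opnsense[5530]: /index.php: Web GUI authentication error for 'root' from 203.0.113.9
"""

def parse_logins(text):
    """Return one dict per successful login line found in the log text."""
    events = []
    for line in text.splitlines():
        for service, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                events.append({"service": service, "user": m["user"], "ip": m["ip"],
                               "method": m.groupdict().get("method"), "raw": line})
                break
    return events

def build_alert(event, sender="fw@example.org", rcpt="admin@example.org"):
    """Build (not send) the alert; hand the result to smtplib.SMTP.send_message()."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"[login] {event['service']}: {event['user']} from {event['ip']}"
    msg.set_content(event["raw"])  # full log line as the mail body
    return msg

if __name__ == "__main__":
    for ev in parse_logins(SAMPLE_LOG):
        print(build_alert(ev)["Subject"])
```
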