Quote:
Originally Posted by B612
Hello
We'd like to send an event through rsyslog to our SOC if the firewall on RHEL and Ubuntu was turned off. Meanwhile we have notification on failed login +, but nothing for the FW.
Does anyone know if it's possible?
Yes, very possible. You've been asking about security-related things for a few years now...if this is for your job, have you talked to the administrators of those systems??? They would know. Or you could hire a consultant to write something for you. Again, as you've been told before, this depends on your environment, needs, what you HAVE and what you really WANT.
If you have a centralized monitoring system, you could use SNMP to check to see if the process(es) are running, and alert based on that. You could write a script to check the process every X seconds, and send something to a system log if not. Lots of ways to do this; talk to your administrators.
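The "script that checks and writes to a system log" approach from the reply above, as an added example that is not part of the original thread. It assumes firewalld on RHEL and ufw on Ubuntu; the tag `fwwatch`, the message format and all function names are hypothetical. It queries the firewall's own status instead of looking for a process, because ufw has no daemon to look for.

```shell
#!/bin/sh
# Added example: log firewall state to syslog so rsyslog can forward it.
# Assumed backends: firewalld (RHEL) and ufw (Ubuntu). Names are hypothetical.

# Map raw status text to up/down/unknown.
# $1 = backend, $2 = output of the status command
fw_state() {
    case "$1:$2" in
        firewalld:active)                    echo up ;;
        firewalld:inactive|firewalld:failed) echo down ;;
        ufw:"Status: active"*)               echo up ;;
        ufw:"Status: inactive"*)             echo down ;;
        *)                                   echo unknown ;;
    esac
}

# Anything that is not a confirmed "up" is logged at alert level (fail closed).
fw_priority() {
    case "$1" in
        up) echo authpriv.info ;;
        *)  echo authpriv.alert ;;
    esac
}

# key=value message that a SOC parser can match. $1 backend, $2 state, $3 host
fw_message() {
    printf 'firewall_state host=%s backend=%s state=%s' "$3" "$1" "$2"
}

detect_backend() {
    if command -v firewall-cmd >/dev/null 2>&1; then echo firewalld
    elif command -v ufw >/dev/null 2>&1; then echo ufw
    else echo none
    fi
}

fw_check() {
    backend=$(detect_backend)
    case "$backend" in
        firewalld) raw=$(systemctl is-active firewalld 2>/dev/null) ;;
        ufw)       raw=$(ufw status 2>/dev/null) ;;  # needs root
        *)         raw= ;;
    esac
    state=$(fw_state "$backend" "$raw")
    logger -t fwwatch -p "$(fw_priority "$state")" -- \
        "$(fw_message "$backend" "$state" "$(hostname)")"
}

# Run from cron or a systemd timer as: fwwatch.sh --run
if [ "${1:-}" = "--run" ]; then fw_check; fi
```

Logging the "up" state as well gives the SOC a heartbeat, so a host that stops reporting is itself a signal.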