Monitoring with Addigy can have many benefits such as being able to tell if someone is trying to initiate an SSH into one of your users’ devices. Addigy allows for alerting and remediation. 


Prerequisites:

Create a Monitoring Item

Create a Custom Fact


There are two options to monitor Remote Login and Remote Access using Monitoring items:


  • Leveraging existing Device Facts


We already have Device Facts for both Remote Login and Remote Access. The device fact for Remote Login is called Remote Login Enabled and the device fact for Remote Access is called Remote Desktop Enabled. Both of these facts can be leveraged to create Monitoring Items. Therefore it would only take two simple steps to start monitoring Remote Access and Remote Login with Addigy.  

  1. Create Monitoring Item for Remote Login

  2. Create Monitoring Item for Remote Access


  • Creating a Custom Fact that monitors for both Remote Login and Remote Access


If you would rather have a single Monitoring Item that checks for both Remote Login and Remote Access. This can be achieved by creating a Custom Fact. 


Remote Login can be checked using 

/usr/sbin/systemsetup getremotelogin

Remote Access can be checked using 

ps ax | grep -v grep | grep ARDAgent

As mentioned above, both commands can be combined into a unique script to be used in a Custom Fact that can then be used in a Monitoring Item. 


Please note: A monitoring item to check for Remote Access might result in false alerts as it's checking for the process and the process might stop running from time to time. Please keep this in mind if you decide creating this Monitoring Item. 


If you have an Addigy account and have additional questions, you can create a ticket by emailing support@addigy.com.

Alternatively, you can submit a support request within Addigy.