[module] desc = Logins exec = /usr/share/epylog/modules/logins_mod.py files = /var/log/messages[.#], /var/log/secure[.#] enabled = yes internal = yes outhtml = yes priority = 0 [conf] ## # Only enable things useful for your configuration to speed things # up. The more stuff you enable, the slower matching will be. # enable_pam = 1 enable_xinetd = 1 enable_sshd = 1 enable_uw_imap = 0 enable_dovecot = 0 enable_courier = 0 enable_imp = 0 enable_proftpd = 0 ## # This is a fun setting. You can list domains that are "safe" here. # E.g. if your org's domain is example.com and you generally don't # expect logins from hosts in example.com domain to be suspicious, you # can add "example.com$" as a safe domain. This way anyone logging in from # a remote host not matching *.example.com will be flagged in red and the # full hostname of the connecting machine will be printed in the report. # List multiple values separated by comma. # E.g.: safe_domains = example.com$, foo.edu$ # The default is .*, meaning all domains are considered safe. To turn # this off specify something like: # safe_domains = !.* safe_domains = .* ## # If you have too many systems, wide-scale probing may turn ugly. This # will collapse the reports. systems_collapse = 10