Skip to content
A SSH/SFTP log watcher
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

SSH Monitor

A daemon that watches all SSH/SFTP login entries on the authentication log (usually /var/log/auth.log) and e-mail them to yourself. It works like a very simple intrusion detection system, informing you about any successful logins on your SSH server. Written entirely in Python, you just need:

  • A Linux box (maybe anything *NIX, but was tested only on Linux) running a SSH server (OpenSSH or Dropbear).
  • Python 2.x (it was developed on the 2.6.6 release, but will probably run on anything higher than Python 2.4).
  • Read access to /var/log/auth.log (you didn't though you could analyse the log without reading it, didn't you?).
  • Write access to /var/run/ (to be able to terminate it's execution through 'stop' command).
  • Local SMTP server (like Exim or Sendmail).

Installation and Usage

Just put the file anywhere you want, run with:


And forget it. You don't have to do anything after that, just wait your e-mails to arrive. It is also possible to run it every boot by putting the same command on the /etc/rc.local.

If you want to stop it, type:

python stop


The source code is licensed under the GNU General Public License Version 2 (GPLv2). It is available in both HTML and TXT formats.


Tiago "Myhro" Ilieve

The daemonize() function was adapted from the book "Python for Unix and Linux System Administration" by Noah Gift and Jeremy Jones.

Something went wrong with that request. Please try again.