Here’s a quick EEM script I wrote to email you the information of someone who just SSH’d into the Router successfully.
event manager environment _email_to [email protected] event manager environment _email_server X.X.X.X event manager environment _email_from [email protected] event manager applet email event syslog pattern "SEC_LOGIN-5-LOGIN_SUCCESS" action 1.0 cli command "enable" action 2.0 cli command "show users" action 8.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Successful SSH Login On X Router" body "$_cli_result" action 9.0 syslog msg "E-mail was sent"
In the above configuration make sure to review the first 3 lines, there are 3 variables that need replacing. The [email protected], x.x.x.x (smtp server ip, no auth, port 25), and the [email protected]
What does the email look like?
The email contains the source IP address and the user name that logged in.