VanDyke Software

Automation Tip

Index

This tip from one of our customer support technicians provides some examples of VShell® failed authentication triggers in a Microsoft Windows environment.

Setting up Email Notification for Failed Authentication Events Using VShell Triggers

The VShell server supports the specification of a failed authentication trigger command. This command will run after the limit of failed authentication attempts has been reached for the current connection. For example, if a connection exceeds the limit of failed authentication attempts, this trigger can execute commands that cause specific information to be logged to a separate file, or even send email notifications.

To set up a failed authentication trigger command, open the VShell Control Panel and select the Common / Triggers category. Select the Authentication failed trigger, then press the Edit button. The Enable Trigger option must be enabled for the specified command to be executed upon an authentication failure event. The first field, which is required, is for the command that will be executed. This could be cmd.exe, a script, or some other executable. The second field is for any parameters that the command will use.

The authentication failed trigger supports the following command substitution variables:

%D -- Date of occurrence

%I -- IP address of user

%T -- Time of occurrence

%U -- User

If you're a system administrator, you may want more visibility or immediate notification when an authentication failure event occurs. Below is an example that shows how to set up an authentication trigger that will send an email notification of the failure event. This example uses a VBScript that takes parameters for the information pertaining to the failed authentication attempt (source IP, date, time, and username). The script will then send an email to the specified recipient with the failed authentication details. The script will also log this information to the file specified in the script. If the script encounters any fatal errors, they will be logged to the Windows Event Log.

Set up VShell's Authentication Failure Trigger Command to:

C:\Windows\System32\cscript.exe

Set up VShell's Authentication Failure Trigger Parameters to:

"C:\VShellAuthFailureTriggerScript.vbs" %I %D %T %U

Here is the sample VBScript code for the Failed Authentication Trigger Script in its entirety: VShellAuthFailureTriggerScript.txt (for this script to work properly, you should save the file with a .vbs extension). You will also need to specify the source and destination email addresses and the SMTP server information in the script.