9: Logged-in Users
It’s important to monitor the number of concurrent logged on users.
Outside the normal range typically indicates issues in your logoff processing.
Worse than a logoff issue, your Linux servers could be under attack.
In both cases Argent can warn you.
But the first step is to use the Argent Predictor to create a baseline of what is normal for each Linux server.
Then use the Argent Rule SCP_LINUX_MAX_USERS.
It’s likely you will need to take copies of this Rule to create different variables for different types of Linux servers.