9: Logged-in Users

It’s important to monitor the number of concurrent logged on users.

Outside the normal range typically indicates issues in your logoff processing.

Worse than a logoff issue, your Linux servers could be under attack.

In both cases Argent can warn you.

But the first step is to use the Argent Predictor to create a baseline of what is normal for each Linux server.

Then use the Argent Rule SCP_LINUX_MAX_USERS.

It’s likely you will need to take copies of this Rule to create different variables for different types of Linux servers.

See Also: Linux – The 12 Items You Must Monitor – Count Of Network Connections