Is there a way to trigger an alert or an event, get it logged, and get an email sent in the case of someone/something from an unusual or unlikely location accessing an area having both private and public facing IP addresses? I am thinking in terms of someone who wouldn't/shouldn't normally be interested in our sites/servers because of location or interest suddenly decides to try to look at items on the site/servers. I would include web spiders and automated indexers in this category it they originate from a location that wouldn't normally be interested in us. We are a school district, so I could understand people moving into the area looking to check rankings, activities, enrollment, etc. I could see other education institutions being interested. I would not expect someone from outside North America being interested without advance notice and for a reasonably good reason.
Related to this, is there an easy way to build or define a list of locations so that if a location would be on the list, it can send an email or log an alert to system and network administrators to let them know of such interest? I'm trying to figure out an efficient way to build the list and have t checked by NPM (maybe NTA) and use the results from the alerts to help us modify the list to help with access control. I think if the alert or event would be triggered, it shouldn't be too hard to get it into a report. If this would be better suited to NTA, feel free to move it to the appropriate location.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.