1. Overview
  2. Getting started
  3. Navigating the dashboard

Navigating the dashboard

The SSHwatch dashboard provides visibility into SSH activity across all monitored servers. This interface allows you to view connection logs, identify security events, and manage your SSH monitoring settings. The dashboard organizes information into statistical overviews, detailed logs, and security assessments to help administrators track and respond to SSH activity. This guide explains the dashboard's layout and functionality to help you effectively use the monitoring system.

Key Statistics

At the top of your dashboard, you'll find four important metrics:

  1. Total Logs

    • Shows all SSH events recorded
    • Updates in real-time as new events occur

  2. High Risk Events

    • Highlights potentially dangerous login attempts
    • Click to filter and view only high-risk events

  3. Failed Attempts

    • Shows unsuccessful login attempts
    • Helps identify potential brute force attacks

  4. Unique IPs

    • Number of different IP addresses attempting connections
    • Useful for identifying unusual access patterns

Main Controls

Search and Filters

  • Search Box: Search logs by any keyword, IP, or username
  • Risk Level Filter: View events by:
    • High Risk
    • Medium Risk
    • Low Risk
    • All Risk Levels
  • Time Period Filter: Filter by:
    • Last 24 Hours
    • Last 7 Days
    • Last 30 Days
    • All Time
  • Clear Filters: Reset all search and filter settings

Action Buttons

  • Refresh: Update the dashboard with latest data
  • Export: Download logs as CSV
  • Add Server: Set up monitoring for a new server

Main Tabs

1. Logs Tab

  • Displays detailed event history
  • Shows timestamp, server, username, IP, and risk level
  • Click any log entry to view:
    • Full connection details
    • IP location with map
    • Security assessment
    • Risk score and reasons
    • Block commands for suspicious IPs

2. Security Assessment Tab

  • Overall security status
  • Critical security recommendations
  • Vulnerability listings
  • Server-specific security insights

User Menu

Click your email address in the top right to access:

  1. Account Information

    • View your account details
    • Manage API keys
    • Update personal information

  2. Subscription Settings

    • View current plan
    • Manage subscription
    • View payment history

  3. Alert Configuration

    • Set up custom alerts
    • Configure alert conditions
    • Manage notification preferences

  4. Webhook Setup

    • Configure webhook URLs
    • Test webhook delivery
    • View webhook history

Best Practices

  1. Regular Monitoring

    • Check high-risk events daily
    • Review failed attempts periodically
    • Monitor unique IP patterns

  2. Using Filters Effectively

    • Combine filters for detailed analysis
    • Save common search patterns
    • Export filtered data for reports

  3. Security Response

    • Investigate high-risk events promptly
    • Use provided block commands when needed
    • Configure alerts for critical events
Was this article helpful?