juzam / hared-hare

Alerting or notifying on SSH logins

Home Page: https://jpmens.net/2018/03/25/alerting-on-ssh-logins/


hared-hare

This is the C program (hare) and the Python daemon (hared) for this story.

hare is a small utility which is installed in a PAM configuration (e.g. for sshd) in order to report when a login succeeds, e.g. to alert on logins to machines which are seldom visited or otherwise monitored.

hare transmits a JSON string over a UDP datagram. The JSON looks like this:

{
  "tty": "tty1",
  "service": "login",
  "hostname": "zabb01",
  "user": "jjolie",
  "tst": 1522154553,
  "rhost": "<unknown>",
  "remote" : "10.0.12.1"
}

The values for user, rhost, tty, and service are set by PAM from their PAM_ equivalents, and hostname contains the gethostname(3) result as determined by hare. remote is the IP address of the hare client as seen by hared; it is filled in on the receiving side.
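A receiver for this datagram format, as an added example (not hared's own code and not from the project): it checks the fields listed above and sets remote from the socket's source address, so a remote value supplied in the payload is not trusted. The function names, the 2048-byte limit and the loopback ephemeral port are assumptions made for this example.

```python
import json
import socket

# Fields the page says hare sends; "remote" is added on the receiving side.
EXPECTED = ("tty", "service", "hostname", "user", "tst", "rhost")
MAX_DATAGRAM = 2048  # assumed upper bound; the page states no size limit


def parse_event(data, sender_ip):
    """Decode one datagram into an event dict, or return None if malformed."""
    try:
        event = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        return None
    if not isinstance(event, dict):
        return None
    if any(key not in event for key in EXPECTED):
        return None
    if not isinstance(event["tst"], int) or isinstance(event["tst"], bool):
        return None
    # remote is the address observed on the socket, so a value supplied
    # in the payload is overwritten rather than trusted.
    event["remote"] = sender_ip
    return event


def receive_one(sock):
    """Read a single datagram from sock and parse it."""
    data, (ip, _port) = sock.recvfrom(MAX_DATAGRAM)
    return parse_event(data, ip)


def demo():
    """Send a constructed datagram over loopback and return the parsed event."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # ephemeral port, chosen for this example only
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Constructed sample modelled on the JSON above, with a forged "remote".
    sample = {"tty": "tty1", "service": "login", "hostname": "zabb01",
              "user": "jjolie", "tst": 1522154553, "rhost": "<unknown>",
              "remote": "203.0.113.9"}
    try:
        tx.sendto(json.dumps(sample).encode("utf-8"), rx.getsockname())
        return receive_one(rx)
    finally:
        tx.close()
        rx.close()
```

Because UDP carries no sender authentication, the source address recorded here is only as reliable as the network path between the hare client and the receiver.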

Python hared is also installable via https://pypi.python.org/pypi/hared/


License: MIT License


Languages: C 81.1%, Go 10.4%, Python 7.2%, Makefile 0.7%, Shell 0.6%