Reviewing SSH Activity using Elastic Search / Kibana

Keeping an eye on your server’s SSH activity from time to time is recommended. I created a dashboard using Kibana/Elastic Search to quickly review and potentially identify any suspicious activity. It is available on github (

It is split into two sections. One sections gives you the general SSH Activity (e.g. failed login attemps). The section on the right gives you the amount of created root sessions.
Next I will setup Fail2Ban and see how this influences the statistics.