An alternative parser/notifier tool to send notifications when specific strings show up in user input or output streams.
Designed as an alternative to using bro, and the isshd_policy policies. Not that they're bad. I just had some stability issues with bro, and since my use case was a much smaller scope, I decided a rewrite wouldn't be that bad.
This solution still uses the instrumented SSHd, and ssllogmux, to transport the events to the parsing nodes.