I wonder if any of you experts have come across this error before ?.
I have a customer that is getting this alarm 3 times a day on all three call Managers in the 3 node cluster at exactly the same time. running CM V7.0
SyslogSeverityMatchFound events generated: SeverityMatch - Alert sshd(pam_unix): check pass; user unknown
I have seen this discussed in the past but with a different code (6836) . But basically saying somebodsy is logging in with the
wrong SSH id/pswd. The issues is it is on all three nodes at the same time !!!.
My question is :-
will one logon fail replicate to all the nodes in the cluster with this alarm. ??
this is happening 3 times a day and seems too regular to be a random user logon .
Is there anything else that could be causing this alarm (any automated process of any sort ??.
Any help appreciated.