
how to disable auth failed rtmt alert

If I log into the DRS site or OS admin site using a wrong password, I get an RTMT alert:

At Fri Mar 02 14:44:16 EST 2012 on node 1.1.1.1, the following SyslogSeverityMatchFound events generated:

SeverityMatch : Alert

MatchedEvent : Mar 2 14:44:00 XXXXXXXX authpriv 1 procAuth: pam_unix(system-auth:auth): check pass; user unknown AppID : Cisco Syslog Agent ClusterID :

NodeID : XXXXXXXX

TimeStamp : Fri Mar 02 14:44:00 EST 2012

SeverityMatch : Critical

MatchedEvent : Mar 2 14:44:00 XXXXXXXX authpriv 2 procAuth: pam_succeed_if(system-auth:auth): error retrieving information about user cucadministrator AppID : Cisco Syslog Agent ClusterID :

NodeID : XXXXXXXX

TimeStamp : Fri Mar 02 14:44:01 EST 2012

As you can see, this is sent from the alert name called "SyslogSeverityMatchFound". This alert name also sends alerts such as NTP-related ones, services down, and much more, so I cannot (or don't want to) disable it in RTMT Alert Central. So my question is: how would I go about disabling this authentication failure alert, which I don't want to receive at all? There is also an alert name called "authenticationfailed" in the Alert Central section of RTMT. I have disabled that already; however, that doesn't stop this message.

thanks

vijay

1 Reply

Vipul Jindal
Cisco Employee

This alert is for security, to check who is trying to access your system.

I don't think there is a way to stop them.

thanks,

Vipul Jindal
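
Added example, not part of the original thread and not Cisco code: a recipient-side parser (mailbox rule or SIEM ingest) that splits a SyslogSeverityMatchFound alert body into events and separates the authpriv/PAM matches from the other matches the same alert name carries. The field layout is taken from the alert quoted in the question; the hostname NODE1, the third sample event and all function names are constructed assumptions.

```python
import re

# Constructed sample in the layout quoted in the question; the third event is invented.
SAMPLE_ALERT = """\
At Fri Mar 02 14:44:16 EST 2012 on node 1.1.1.1, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Alert
MatchedEvent : Mar 2 14:44:00 NODE1 authpriv 1 procAuth: pam_unix(system-auth:auth): check pass; user unknown AppID : Cisco Syslog Agent ClusterID :
NodeID : NODE1
TimeStamp : Fri Mar 02 14:44:00 EST 2012
SeverityMatch : Critical
MatchedEvent : Mar 2 14:44:00 NODE1 authpriv 2 procAuth: pam_succeed_if(system-auth:auth): error retrieving information about user cucadministrator AppID : Cisco Syslog Agent ClusterID :
NodeID : NODE1
TimeStamp : Fri Mar 02 14:44:01 EST 2012
SeverityMatch : Critical
MatchedEvent : Mar 2 14:50:12 NODE1 daemon 2 exampled: constructed non-auth message AppID : Cisco Syslog Agent ClusterID :
NodeID : NODE1
TimeStamp : Fri Mar 02 14:50:12 EST 2012
"""

FIELD = re.compile(r"^(SeverityMatch|MatchedEvent|NodeID|TimeStamp)\s*:\s*(.*)$")
# "<Mon> <day> <time> <host> <facility> <level> <process>: <message> AppID : ..."
EVENT = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+(\S+)\s+(\d+)\s+([^:\s]+):\s*(.*?)\s*AppID\s*:")

def parse_alert(text):
    """Split one alert body into a list of event dicts, one per SeverityMatch."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m and m.group(1) == "SeverityMatch":
            events.append({})          # each SeverityMatch line starts a new event
        if m and events:
            events[-1][m.group(1)] = m.group(2)
    for ev in events:
        m = EVENT.match(ev.get("MatchedEvent", ""))
        if m:
            ev["host"], ev["facility"], ev["level"], ev["process"], ev["message"] = m.groups()
    return events

def is_auth_event(ev):
    """True for PAM messages logged to the authpriv facility."""
    return ev.get("facility") == "authpriv" and "pam_" in ev.get("message", "")

def route(text):
    """Return (auth_events, other_events) so each group can go to its own queue."""
    events = parse_alert(text)
    return [e for e in events if is_auth_event(e)], [e for e in events if not is_auth_event(e)]
```

Routing the authentication events to their own queue keeps them available for review while the NTP and service alerts stay in the main one.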
