New Member

RTMT Alert SeverityMatch : Critical pam_succeed_if(sshd:auth): error retrieving information about user mlm AppID : Cisco Syslog Agent ClusterID :

SeverityMatch : Critical

MatchedEvent : Jan  2 07:22:47 CUC02 authpriv 2 sshd[29949]: pam_succeed_if(sshd:auth): error retrieving information about user mlm AppID : Cisco Syslog Agent ClusterID : 

NodeID : CUC02

TimeStamp : Thu Jan 02 07:22:48 CST 2014.

I am receiving the following alerts. Is there any way to stop them, or is there any impact?

6 REPLIES

Re: RTMT Alert SeverityMatch : Critical pam_succeed_if(sshd:auth

Hi,

The error is received if you log into DRS site, OS admin site or console via SSH using a wrong password.

Regards

Please remember to rate useful posts clicking on the stars below.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie

New Member

Hi, I am looking for information with respect to this error. Can you help me with a reference for this message?

SyslogSeverityMatchFound events generated:
SeverityMatch : Alert
MatchedEvent : Jul 29 15:21:50 cucm-pub-tri-qro-bansefi-0001 authpriv 1 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown AppID : Cisco Syslog Agent ClusterID :
NodeID : cucm-pub-tri-qro-bansefi-0001

thanks

New Member

Greetings,

If the error is received when logging into DRS site - OS admin site or console via SSH using a wrong password, wouldn't you also receive the Authentication Failed syslog? Unless these are reporting two separate log in errors from different sources. I'm a bit confused.

SeverityMatch : Critical

MatchedEvent : Jan  2 07:22:47 CUC02 authpriv 2 sshd[29949]: pam_succeed_if(sshd:auth): error retrieving information about user mlm AppID : Cisco Syslog Agent ClusterID :

SeverityMatch : Critical

Number of AuthenticationFailed events exceeds configured threshold during configured interval of time 1 within 3 minutes on cluster StandAloneCluster.

There are 2 AuthenticationFailed events (up to 30) received during the monitoring interval

Any insight is greatly appreciated!

Thanks in advance,

D

Cisco Employee

RTMT Alert SeverityMatch : Critical pam_succeed_if(sshd:auth): e

This alert is for security. pam_succeed_if is designed for succeeded or failed authentication, and this alert is a warning that a user tried to log in to SSH with an invalid credential.

Do you get this alert every day or two? How frequently are you getting this?


Br,
Nadeem 

Please rate all useful post.

New Member

RTMT Alert SeverityMatch : Critical pam_succeed_if(sshd:auth): e

You might want to check with others in I.T. to see if there are any programs on the network that attempt to sign into your systems for security purposes.

I get this alert every other day. It is done by our network / security team’s software. The software attempts to login to the systems using common passwords.

New Member

Re: RTMT Alert SeverityMatch : Critical pam_succeed_if(sshd:auth): e

Is there any way to track the ip address that these attempts were made from or only the user ID that was attempted?
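
Added example (not part of the thread and not Cisco code): the PAM lines quoted above carry only the attempted user name, so this sketch parses the RTMT `MatchedEvent` layout and joins events on node and sshd PID to pick up the client address. It assumes the node's sshd log also holds the standard OpenSSH `Failed password ... from <address>` line for the same PID in the same layout; the thread does not show such a line, so the third sample line is constructed.

```python
import re
from collections import defaultdict

# RTMT "MatchedEvent" layout as quoted in this thread:
# <Mon DD HH:MM:SS> <node> <facility> <severity> sshd[<pid>]: <message> [AppID : ...]
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<node>\S+) (?P<facility>\w+) (?P<sev>\d) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*?)(?:\s+AppID :.*)?$"
)
UNKNOWN_USER = re.compile(
    r"pam_succeed_if\(sshd:auth\): error retrieving information about user (\S+)")
USER_UNKNOWN = re.compile(r"pam_unix\(sshd:auth\): check pass; user unknown")
# Standard OpenSSH failure line; this is the one that carries the client address.
SSHD_FAIL = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def correlate(lines):
    """Group sshd events by (node, pid) and merge attempted user and source address."""
    sessions = defaultdict(
        lambda: {"user": None, "source": None, "pam_unknown_user": False})
    for line in lines:
        m = EVENT.match(line.strip())
        if not m:
            continue  # not an sshd event in the RTMT layout
        s = sessions[(m["node"], int(m["pid"]))]
        msg = m["msg"]
        if (u := UNKNOWN_USER.search(msg)):
            s["user"], s["pam_unknown_user"] = u[1], True
        elif USER_UNKNOWN.search(msg):
            s["pam_unknown_user"] = True
        elif (f := SSHD_FAIL.search(msg)):
            s["user"] = s["user"] or f[1]
            s["source"] = f[2]
    return dict(sessions)

# The first two lines are quoted from the thread. The third is constructed
# (assumption: 192.0.2.10 is a documentation address) to show the correlation.
SAMPLE = [
    "Jan  2 07:22:47 CUC02 authpriv 2 sshd[29949]: pam_succeed_if(sshd:auth): error retrieving information about user mlm AppID : Cisco Syslog Agent ClusterID : ",
    "Jul 29 15:21:50 cucm-pub-tri-qro-bansefi-0001 authpriv 1 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown AppID : Cisco Syslog Agent ClusterID :",
    "Jan  2 07:22:49 CUC02 authpriv 6 sshd[29949]: Failed password for invalid user mlm from 192.0.2.10 port 51234 ssh2",
]

if __name__ == "__main__":
    for (node, pid), info in correlate(SAMPLE).items():
        print(node, pid, info)
```

A session that ends with `source` still `None` means only the PAM alert was available, which is the situation the question above describes.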
