Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

RTMT Error :SeverityMatch - Alert sshd(pam_unix)[21789]

CUCM System version: 7.1.3.30000-1.

Please someone could help me for the below query.

I am getting below RTMT Alret,need to know what is the cause and how do i troubleshoot the case.

"The following SyslogSeverityMatchFound events generated: SeverityMatch - Alert sshd(pam_unix)[21789]: check pass; user unknown SeverityMatch - Critical sshd[21798]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Alert sshd(pam_unix)[21801]: check pass; user unknown SeverityMatch - Critical sshd[21802]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[21805]: fatal: Read from socket failed: Connection reset by peer"

  • This message is triggered from 4 nodes: 1 PUB and 3 SUB.
  • This alerts triggering always at AM timing.

Thanks and Regards,

Velu S

4 REPLIES

RTMT Error :SeverityMatch - Alert sshd(pam_unix)[21789]

Hello Velu,

is your cluster behind firewall? is it scanned by any of the security device? if so, then you  will be getting this alert during the scanning time.

//Suresh Please rate all the useful posts.
Community Member

RTMT Error :SeverityMatch - Alert sshd(pam_unix)[21789]

Hi Suresh,

Thanks for your reply on this,

  • my cluster doesn't have any firewall.
  • we are not monitoring Cisco IPT Cluster with security devices.

More to add in this.

  • We have CDR configured and Scheduled backup.is this will be the cause for this.?

What i have observed.

  • Today i have tried to occur same incident for my confirmation as per the description of the error.i have tried login with wrong user name and wrong password..Got Success in getting the alert again.(so my understaing from this practice some one trying to access the server)

My Query:

  • Why this was occurred on all the Nodes in the cluster at the same time?
  • Is there any internal nodes communication issue ?/ Really someone is trying to access ?
  • Is there any way to check who was trying to login with wrong user name and password?

Please Help.

Regards,

Velu S

Community Member

RTMT Error :SeverityMatch - Alert sshd(pam_unix)[21789]

Could you provide an update?  What did you isolate this message to?  What was your corrective action?

Thank you for as much detail as possible.

Cheers,

Rachelle

Community Member

the following

the following SyslogSeverityMatchFound events generated: SeverityMatch - Critical sshd[10511]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10516]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10520]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10513]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10554]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10560]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10565]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10572]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10578]: fatal: Read from socket failed: Connection reset by peer

Please someone could help me for the below query.

1329
Views
0
Helpful
4
Replies
CreatePlease to create content