My team and I are attempting to monitor failed SSH attempts via the console.
At this time, upon successful SSH authentication, the following system events are being generated:
2021.03.29 12:34:19 OPERATING_SYSTEM.SESSION User login cody.hill OK level [1] on portal SSH 0 (10.0.0.0:52675)
2021.03.29 12:34:19 OPERATING_SYSTEM.SESSION User cody.hill ENABLE OK level 1on portal SSH 0 (10.0.0.0:52675)
However, no event is syslog event is thrown when unauthorized credentials are used to SSH into the device (I.E username: fakeuser / password: fakepass)
I have found syslog outputs on the web similar to the one found below, which is exactly what we are attempting to achieve:
2015.06.08 21:26:24 OPERATING_SYSTEM.SESSION User fakeuser attempt FAILED on portal SSH 0 (10.0.0.0:28146)
Is there a command / log level that needs to be used in order to monitor failed SSH attempts with an output similar to the event generated here?
