Attention! The Adtran support community will be placed in read-only mode on Monday, January 20th, at 8 AM CST for system maintenance. During this time, new posts, replies, or other content updates will be unavailable. The system will return to normal functionality by 9 AM CST on Tuesday, January 21st. If you encounter any product issues during this read-only period, you can reach out to Adtran support at any time. Thank you!
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chill_tpx
New Contributor

Troubleshooting / monitoring failed SSH attempts

My team and I are attempting to monitor failed SSH attempts via the console.

At this time, upon successful SSH authentication, the following system events are being generated:

2021.03.29 12:34:19 OPERATING_SYSTEM.SESSION User login cody.hill OK level [1] on portal SSH 0 (10.0.0.0:52675)
2021.03.29 12:34:19 OPERATING_SYSTEM.SESSION User cody.hill ENABLE OK level 1on portal SSH 0 (10.0.0.0:52675)

However, no event is syslog event is thrown when unauthorized credentials are used to SSH into the device (I.E username: fakeuser / password: fakepass)

I have found syslog outputs on the web similar to the one found below, which is exactly what we are attempting to achieve:

2015.06.08 21:26:24 OPERATING_SYSTEM.SESSION User fakeuser attempt FAILED on portal SSH 0 (10.0.0.0:28146)  

Is there a command / log level that needs to be used in order to monitor failed SSH attempts with an output similar to the event generated here?

0 Kudos