Showing results for 
Search instead for 
Did you mean: 

Login Attempt Source Address?

Level 1
Level 1

Hi all,

Am I missing something really simple?  Is there a way to see the source of a failed login attempt in the authentication logs on an IronPort C150?

For instance:  Wed Jan  6 10:57:39 2010 Info: User XXX failed authentication.

20 Replies 20

I think nothing is logged in the cli or gui logs. If there is please let us know via this.


CLI example:

Fri Jan 29 09:28:27 2010 Info: PID 93074: User admin login from on

GUI example:

Fri Jan 29 15:30:19 2010 Info: req: user:- id:eKV0321MgmA92WAlrkJb 200 GET /login HTTP/1.1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

Are there also entries about failed logons?


You may want to look at external authentication. although this would be involving other aspect.

But most radius and ldap server will log failed attempts when configured properly.

And yes, Ironport should also provide this, even without external authentication.

Yes it will also log failed attempts.

Successful logins and their source IP are recorded in the cli_logs and gui_logs

Successful and unsuccessful logins are recorded in the authentication log.  However the source IP os not recorded.

The source IP of unsuccessful logins is recorded in one of the private log files.  There is probably a bug/FR for this to be visible appear in authentication logs.  Raise a ticket with Customer Support and nudge your SE.