Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2334
Views
0
Helpful
4
Replies

RTMT Error :SeverityMatch - Alert sshd(pam_unix)[21789]

Velu Sanjeevirayan
Level 1
Level 1

‎09-15-2013 09:08 PM - edited ‎03-16-2019 07:22 PM

CUCM System version: 7.1.3.30000-1.

Please someone could help me for the below query.

I am getting below RTMT Alret,need to know what is the cause and how do i troubleshoot the case.

"The following SyslogSeverityMatchFound events generated: SeverityMatch - Alert sshd(pam_unix)[21789]: check pass; user unknown SeverityMatch - Critical sshd[21798]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Alert sshd(pam_unix)[21801]: check pass; user unknown SeverityMatch - Critical sshd[21802]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[21805]: fatal: Read from socket failed: Connection reset by peer"

  • This message is triggered from 4 nodes: 1 PUB and 3 SUB.
  • This alerts triggering always at AM timing.

Thanks and Regards,

Velu S

3 people had this problem
Labels:
0 Helpful
4 Replies 4

Suresh Subramanian
Level 7
Level 7

‎09-16-2013 02:06 AM

Hello Velu,

is your cluster behind firewall? is it scanned by any of the security device? if so, then you  will be getting this alert during the scanning time.

//Suresh Please rate all the useful posts.
0 Helpful

Velu Sanjeevirayan
Level 1
Level 1
In response to Suresh Subramanian

‎09-16-2013 03:01 AM

Hi Suresh,

Thanks for your reply on this,

  • my cluster doesn't have any firewall.
  • we are not monitoring Cisco IPT Cluster with security devices.

More to add in this.

  • We have CDR configured and Scheduled backup.is this will be the cause for this.?

What i have observed.

  • Today i have tried to occur same incident for my confirmation as per the description of the error.i have tried login with wrong user name and wrong password..Got Success in getting the alert again.(so my understaing from this practice some one trying to access the server)

My Query:

  • Why this was occurred on all the Nodes in the cluster at the same time?
  • Is there any internal nodes communication issue ?/ Really someone is trying to access ?
  • Is there any way to check who was trying to login with wrong user name and password?

Please Help.

Regards,

Velu S

0 Helpful

Rachelle Cassetta
Level 1
Level 1
In response to Velu Sanjeevirayan

‎11-22-2013 11:32 AM

Could you provide an update?  What did you isolate this message to?  What was your corrective action?

Thank you for as much detail as possible.

Cheers,

Rachelle

0 Helpful

rahulkanhirode
Level 1
Level 1

‎11-30-2015 11:13 PM

the following SyslogSeverityMatchFound events generated: SeverityMatch - Critical sshd[10511]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10516]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10520]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10513]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10554]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10560]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10565]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10572]: fatal: Read from socket failed: Connection reset by peer SeverityMatch - Critical sshd[10578]: fatal: Read from socket failed: Connection reset by peer

Please someone could help me for the below query.

0 Helpful
Customers Also Viewed These Support Documents