RTMT Messages

james-amenta
Level 4

My RTMT sent alerts in the middle of the night marked critical; however, trying to understand what the issue was is a bit tough. Can anyone point me to documentation that explains the RTMT alerts or tell me what this message means?

 

At Sat Apr 18 03:02:49 EDT 2015 on node CUCMSUB, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Apr 18 03:02:24 CUCMSUB authpriv 2 sshd[19183]: fatal: Read from socket failed: Connection reset by peer [preauth] AppID : Cisco Syslog Agent ClusterID : 

NodeID : CUCMSUB

 TimeStamp : Sat Apr 18 03:02:24 EDT 2015

 

Thank you

3 Replies

Hi James,

Is CUCM scanned by any security device, or is it behind a firewall? If so, it will happen every time it is scanned.

 

Regards

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie

The phone system is behind our corporate firewall; however, there is no scanning that I am aware of. This is not a normal message; I've been here for a bit over a year and I don't recall seeing anything like this before.

That message told you some application tried to connect to CUCM through SSH. You can proceed to sniff the CUCM port to be able to confirm what kind of application is starting the connection.

 

Regards

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
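
As an added example (not part of the original thread and not Cisco tooling), this splits the MatchedEvent line of the alert quoted in the question into fields for triage. The field layout is assumed from that single alert, and the names `parse_matched_event` and `EVENT_RE` are hypothetical.

```python
import re

# Syslog severity codes (RFC 5424). The digit after the facility is assumed
# to be this code; 2 = Critical agrees with the alert's SeverityMatch line.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Assumed layout, taken from the one alert in this thread:
# "<Mon DD HH:MM:SS> <host> <facility> <severity> <proc>[<pid>]: <message>"
EVENT_RE = re.compile(
    r"(?P<time>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<facility>\S+) (?P<sev>[0-7]) (?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*?)(?:\s+AppID\s*:.*)?$"  # drop the trailing RTMT fields
)

def parse_matched_event(alert_text):
    """Return the MatchedEvent fields of an RTMT alert as a dict, or None."""
    for line in alert_text.splitlines():
        if not line.strip().startswith("MatchedEvent"):
            continue
        raw = line.split(":", 1)[1].strip()
        m = EVENT_RE.match(raw)
        if not m:
            return None
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        ev["severity"] = SEVERITIES[int(ev.pop("sev"))]
        # OpenSSH tags messages logged before authentication completed
        # with "[preauth]": the peer went away before logging in.
        ev["preauth"] = ev["msg"].endswith("[preauth]")
        return ev
    return None

# Alert text copied from the question above.
SAMPLE_ALERT = """\
SeverityMatch : Critical
MatchedEvent : Apr 18 03:02:24 CUCMSUB authpriv 2 sshd[19183]: fatal: Read from socket failed: Connection reset by peer [preauth] AppID : Cisco Syslog Agent ClusterID : 
NodeID : CUCMSUB
"""

if __name__ == "__main__":
    for key, value in parse_matched_event(SAMPLE_ALERT).items():
        print(f"{key:9} {value}")
```

The log line carries no source address, so identifying the connecting host still requires the packet capture suggested in the reply.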