We have a C4948E switch which is generating the following logs every ten minutes:
May 28 12:44:13 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Username: -40.0] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:13 UTC Tue May 28 2013
May 28 12:44:59 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:59 UTC Tue May 28 2013
We have a terminal server (C2901) set up with reverse ssh to all the devices including the above C4948E. Can this be the one to initiate the logins?
The IOS of both devices is as below:
C4948E - cat4500e-entservicesk9-mz.151-1.SG.bin
C2901 - c2900-universalk9-mz.SPA.152-3.T.bin
I am unable to identify what is triggering the above logs to be created.
Any help to resolve this would be appreciated.
Your 2901 log should indicate what remote user/system is logging in to access the 4848. A 10 minute periodicity certainly sounds like a program-initiated activity. Perhaps a configuration management tool like Rancid or such with incorrect credentials configured?
I have updated the IOS of the Cisco 2901 Terminal Server and since then the logs have stopped. It looks like there is some bug in the IOS, may be?