05-28-2013 06:37 AM
Hi,
We have a C4948E switch which is generating the following logs every ten minutes:
May 28 12:44:13 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: Username: -40.0] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:13 UTC Tue May 28 2013
May 28 12:44:59 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 0.0.0.0] [localport: 0] [Reason: Login Authentication Failed] at 12:44:59 UTC Tue May 28 2013
We have a terminal server (C2901) set up with reverse SSH to all the devices, including the above C4948E. Can this be the one initiating the logins?
The IOS of both devices is as below:
C4948E - cat4500e-entservicesk9-mz.151-1.SG.bin
C2901 - c2900-universalk9-mz.SPA.152-3.T.bin
I am unable to identify what is triggering the above logs to be created.
Any help to resolve this would be appreciated.
Many thanks
05-28-2013 08:36 PM
Your 2901 log should indicate what remote user/system is logging in to access the 4848. A 10 minute periodicity certainly sounds like a program-initiated activity. Perhaps a configuration management tool like Rancid or such with incorrect credentials configured?
05-29-2013 12:44 PM
Hi Marvin,
I have updated the IOS of the Cisco 2901 Terminal Server and since then the logs have stopped. It looks like there is some bug in the IOS, maybe?
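Added example (not part of the thread, and not code from Cisco or any poster): one way to check the reply's point that a ten-minute periodicity suggests program-initiated logins, by parsing %SEC_LOGIN-4-LOGIN_FAILED lines and flagging sources whose failures recur on a steady timer. The sample lines, the 192.0.2.10 address, the thresholds and the function names are constructed for illustration.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Field layout copied from the %SEC_LOGIN-4-LOGIN_FAILED lines quoted in the thread.
LINE_RE = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>.*?)\] "
    r"\[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\] "
    r"\[Reason: (?P<reason>[^\]]+)\] "
    r"at (?P<time>\d\d:\d\d:\d\d) \S+ \w{3} (?P<date>\w{3} \d+ \d{4})"
)

def parse_failures(lines):
    # Returns sorted (timestamp, source, localport, user) tuples; other lines are skipped.
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["date"] + " " + m["time"], "%b %d %Y %H:%M:%S")
            events.append((ts, m["src"], int(m["port"]), m["user"].strip()))
    return sorted(events)

def periodic_sources(events, burst_gap=120, min_bursts=4, jitter=0.05):
    # Maps source -> mean seconds between bursts for sources on a steady timer.
    # Failures closer than burst_gap seconds count as one burst, because the
    # thread shows two failures 46 s apart inside each ten-minute cycle.
    by_src = {}
    for ts, src, _port, _user in events:
        by_src.setdefault(src, []).append(ts)
    result = {}
    for src, stamps in by_src.items():
        starts, prev = [stamps[0]], stamps[0]
        for ts in stamps[1:]:
            if (ts - prev).total_seconds() > burst_gap:
                starts.append(ts)
            prev = ts
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        if len(starts) >= min_bursts and pstdev(gaps) <= jitter * mean(gaps):
            result[src] = round(mean(gaps))
    return result

def _line(hms, src="0.0.0.0", port=0, user=""):
    return (f"May 28 {hms} UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: {user}] "
            f"[Source: {src}] [localport: {port}] [Reason: Login Authentication Failed] "
            f"at {hms} UTC Tue May 28 2013")

# Constructed sample: the thread's pattern repeated, plus irregular failures from one host.
SAMPLE = [_line(t) for t in ("12:44:13", "12:44:59", "12:54:13", "12:54:58",
                             "13:04:14", "13:04:59", "13:14:13", "13:15:00")]
SAMPLE += [_line(t, "192.0.2.10", 22, "admin")
           for t in ("12:47:02", "12:51:40", "13:02:27", "13:05:01", "13:29:50")]
```

Running `periodic_sources(parse_failures(SAMPLE))` reports only the 0.0.0.0 source, with a 600-second cycle; the irregular failures from the other address are not flagged.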