Hi all, Am I missing something really simple? Is there a way to see the source of a failed login attempt in the authentication logs on an IronPort C150? For instance: Wed Jan 6 10:57:39 2010 Info: User XXX failed authentication.
Hey all, Trying to get a content filter to quarantine anything coming from a .ru or .cz domain. I thought the following would do the trick: if (mail-from == "\\.(ru|cz)$") { quarantine ("Policy"); } However, stuff from these domains is still getting t...
Hey all, Been seeing a bunch of these messages over the past week in the logs: Sun Apr 26 23:21:40 2009 Warning: Dropping connection due to potential Directory Harvest Attack from host=('xxxxxxxx, None), dhap_limit=1, sender_group=INVALID_DNS, listener...
Hi Fraidoon, Ahhhh, that makes sense. So simply look at the time of successful/unsuccessful login attempt in the Authentication log and try to see if there's a matching entry in either the CLI or GUI log for more information?
Hiya Peter, Yeah, we did that and committed the changes. Only no additional information was shown in the log. Thus my message above "It would seem that this is not a possibility." I guess I was just hoping that I was missing something really stupid...
It's the authentication logs. #4 as seen in the pic below. Typical lines of output will say: Fri Jan 29 04:13:14 2010 Info: User XXX failed authentication. Fri Jan 29 08:10:21 2010 Info: User XXX was authenticated successfully. But nothing else. Seem...