cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
244
Views
45
Helpful
3
Replies
Mic_Jameson
Beginner

Is this possible, or did someone manipulate log-- "192.168.197.639"?

Hello, I have been ordered to troubleshoot an inability of a Cisco 9500-- IOS XE Version 17.03.01 to communicate with monitored devices, yet the log seems edited...

 

Device ‘a’, Authentication failed for request from 192.168.197.639.
Device ‘b’, Authentication failed for request fram '192.168.197.63
Device ‘c’. Authentication falled for request from 192. 168.197.62.
Device "192,168,197. 1’, Authentication failed for request from 192.168.197.563

 

==> note the impossible values 639 and 563 in 4th octets. Also misspellings "fram" and "falled"

 

Is this log even possible, or did someone manipulate log?

 

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions
MicJameson
Beginner

After reflection, I'm convinced the sender of this log manipulated it to hide the details of his network to unauthorized users.

 

Obviously a ridiculous idea to send this to a network engineer in the aim of solving a problem, but it's the only reasonable solution. (I'd delete the thread, but it seems I am unable to do so.)

View solution in original post

3 REPLIES 3
Scott Fella
Hall of Fame Guru

It can be a bug.  Search the bug tool kit or open a tac case.

-Scott
*** Please rate helpful posts ***
Haydn Andrews
Collaborator

Did you mean 9800 or the 9500. If its the 9500 might get more luck in the switching forums

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
MicJameson
Beginner

After reflection, I'm convinced the sender of this log manipulated it to hide the details of his network to unauthorized users.

 

Obviously a ridiculous idea to send this to a network engineer in the aim of solving a problem, but it's the only reasonable solution. (I'd delete the thread, but it seems I am unable to do so.)

Create
Recognize Your Peers
Content for Community-Ad