Solved: Re: Is this possible, or did someone manipulate log-- "192.168.19

Mic_Jameson · ‎02-28-2022

Hello, I have been ordered to troubleshoot an inability of a Cisco 9500-- IOS XE Version 17.03.01 to communicate with monitored devices, yet the log seems edited...

Device ‘a’, Authentication failed for request from 192.168.197.639.
Device ‘b’, Authentication failed for request fram '192.168.197.63
Device ‘c’. Authentication falled for request from 192. 168.197.62.
Device "192,168,197. 1’, Authentication failed for request from 192.168.197.563

==> note the impossible values 639 and 563 in 4th octets. Also misspellings "fram" and "falled"

Is this log even possible, or did someone manipulate log?

Thank you.

MicJameson · ‎02-28-2022

After reflection, I'm convinced the sender of this log manipulated it to hide the details of his network to unauthorized users.

Obviously a ridiculous idea to send this to a network engineer in the aim of solving a problem, but it's the only reasonable solution. (I'd delete the thread, but it seems I am unable to do so.)

View solution in original post

Scott Fella · ‎02-28-2022

It can be a bug. Search the bug tool kit or open a tac case.

-Scott
*** Please rate helpful posts ***

Haydn Andrews · ‎02-28-2022

Did you mean 9800 or the 9500. If its the 9500 might get more luck in the switching forums

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

MicJameson · ‎02-28-2022

After reflection, I'm convinced the sender of this log manipulated it to hide the details of his network to unauthorized users.

Obviously a ridiculous idea to send this to a network engineer in the aim of solving a problem, but it's the only reasonable solution. (I'd delete the thread, but it seems I am unable to do so.)

Is this possible, or did someone manipulate log-- "192.168.197.639"?