[j-nsp] SSG

Sidney Boumendil sidney.boumendil at gmail.com
Mon Sep 1 05:24:53 EDT 2008


On 9/1/08, SunnyDay <cscosunny at gmail.com> wrote:
> Hello
>
> Is there anyway to log failed login attempts to SSG firewalls?

Failled login should appear in the event log:
2008-09-01 10:46:56  warning Admin user "netscreen" login attempt for
Web(http) management (port 80) from x.x.x.x:62851 failed.
2008-09-01 10:46:56  warning Admin user netscreen has been rejected
via the TACACS server at x.x.x.x.
2008-09-01 10:46:54  warning ADM: Local admin authentication failed
for login name netscreen: invalid password

In case of multiple login failure a critical event is raised:
2008-09-01 11:01:20 crit Multiple login failures occurred for user a
from IP address x.x.x.x:62913

These messages can be sent to NSM and a syslog server. Critical events
can also raise a snmp trap.

Sidney


More information about the juniper-nsp mailing list