Question & Answer
Question
Answer
- Open the LMI and go to Review Analysis and Diagnostics > Logs > System Logs.
- Use the System Logs Filter option if you want to use a Filter Criteria to search for a specific time or text.
Depending if the access was via SSH or LMI ,there are two types of log entries recorded. The following is the description for each one:
Failed login attempt via SSH session:
The System Log will show an entry similar to the following:
sshd[pid#]: pam_unix_auth(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip_address user=username
The rhost field shows the IP address of the remote system that failed to log in.
Failed login attempt via LMI session:
The System Log will show an entry similar to the following:
sshd[pid#]: pam_unix_auth(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
ip_address
user=
username
The message above will only provide a username, not an IP address. In order to locate the IP address, you must access the GX appliance via SSH and open the /cache/log/apache2/access_log_lmi
file with a text editor. When a user attempts to log in to the LMI and fails, a message similar to the one below will appear in that file:
applianceName:443
ip_address - -
[06/Aug/2015:11:31:04 -0400] "GET / HTTP/1.1" 401
The ip_address field will provide the remote host that attempted to log in.
Was this topic helpful?
Document Information
Modified date:
21 March 2022
UID
swg21964016