Fibre Channel (SAN)

Reply
Occasional Contributor
Posts: 12
Registered: ‎08-04-2009

[SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

Hi,

I am getting this message every 5 Seconds in Logs .

Any idea ?

Thanks - Rahul

Super Contributor
Posts: 644
Registered: ‎03-01-2007

Re: [SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

SEC-1193

Probable Cause

Indicates a specified login security violation was reported. The incorrect password was used while trying to log in through the specified

connection method; the login failed.

Recommended Action
The error message lists the violating IP address. Verify that this IP address is being used by a valid switch admin. Use the correct password.

Occasional Contributor
Posts: 12
Registered: ‎08-04-2009

Re: [SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

I am using that IP, but there are no connections from IP to switch.

still there are logs every 3/5 seconds.

Super Contributor
Posts: 644
Registered: ‎03-01-2007

Re: [SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

Have you probable saved the username and password into any external Tool / Application which is running in backround ?

Delete all Browser Cache and is necessary cookies, and try again.

Occasional Contributor
Posts: 12
Registered: ‎08-04-2009

Re: [SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

no, I have not saved password in any tool !

I have also tried clearing browser cache & cookies.

Super Contributor
Posts: 260
Registered: ‎04-09-2008

Re: [SEC-1193], 2,, INFO, cdprswitch03, Security violation: Login failure attempt via HTTP.

I just mentioned here in another post to help someone track changes - I quote from FOS admin guide

1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the trackChangesSet 1 command to enable the track changes feature.
A message displays, verifying that the track changes feature is on:
switch:admin> trackchangesset 1
Committing configuration...done.
3. View the log using the commands errDump |more to display a page at a time or errShow to
view one line at a time.
2008/10/10-08:13:36, , 5, FID 128, INFO, ras007, Successful login
by user admin.

As ABBA mentioned, its some script or program deployed by you or your predecessors thats trying to login. With track changes you might be able to find which user is trying to login. Do this only if you have multiple users. Once you find the user, check if you can delete it.

Else change the ip-address of the switch.

Regards,

Biju Krishnan

TechHelp24

Email: bkrishnan@techhelp24.com

Site: www.techhelp24.com

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.