Occasional Contributor
Posts: 5
Registered: ‎01-23-2015

Creating alert for root login


Greetings: using BA 12.1 on Linux.  Discovered all my Foundry/Brocade devices.  Configured network-devices authentication with RADIUS and SNMPv3.  It all works fine.  Configs are backed up by BA and I can "push" CLI commands and more.  I get routine syslog alerts so I know email is working too (I simply enabled email of emergency syslog messages).

Problem: I want to create a simple alert for "root access" to any of the devices (routers/switches).  As I am using RADIUS with A/D, there is no need to use root.  As much as I have tried, I cannot get BA to "fire" an alert for root login.  What I have done is:

Create an event action using a custom event and "Description Contains" rejected (or SSH login root, or anything that appears in the console log entry for the root login attempt).  It just doesn't work.

Documentation is not all that bad but not all that great either, and I am used to googling for answers with Cisco/Juniper/etc.  Can't find anything.

Any advice from anyone would be greatly appreciated.

Occasional Contributor
Posts: 5
Registered: ‎01-23-2015

Re: Creating alert for root login


I actually figured out a way using the results of the syslog entries that are passed to BA from the device when user authorization fails (be it root or someone trying to run a dictionary attack with various combinations of users/passwords). I simply added a search condition that looks for "rejected", which is in the syslog message.  When found, I set it up to send an email.

Regarding "traps", I still cannot figure out why I am not getting them.
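
The "rejected" match described in the reply above, shown as an added example that is not part of the original posts and is not BA's own logic: it applies the same substring condition to forwarded syslog lines, then separates rejected root logins from a source trying many usernames. The sample lines, their message layout, the host names and the threshold of three usernames are all assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines. The message layout is an assumption for this
# example, not captured device output; only the word "rejected" is from the post.
SAMPLE_SYSLOG = """\
Jan 23 10:01:12 sw-core-1 SSH login by admin from 192.0.2.10 accepted
Jan 23 10:02:40 sw-core-1 SSH login by root from 198.51.100.7 rejected
Jan 23 10:02:44 rtr-edge-2 SSH login by oracle from 198.51.100.7 rejected
Jan 23 10:02:47 rtr-edge-2 SSH login by test from 198.51.100.7 rejected
Jan 23 10:05:03 sw-access-3 SSH login by jsmith from 192.0.2.44 rejected
""".splitlines()

HEADER = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+(?P<msg>.*)$")
USER = re.compile(r"\bby\s+(?P<user>\S+)")
SRC = re.compile(r"\bfrom\s+(?P<src>\S+)")

def parse_rejections(lines):
    """Return one event per line whose message contains 'rejected'."""
    events = []
    for line in lines:
        m = HEADER.match(line)
        if not m or "rejected" not in m["msg"].lower():
            continue
        user, src = USER.search(m["msg"]), SRC.search(m["msg"])
        events.append({
            "host": m["host"],
            "user": user["user"] if user else None,   # tolerate missing fields
            "src": src["src"] if src else None,
        })
    return events

def build_alerts(events, distinct_users=3):
    """Flag every rejected root login, plus sources trying many usernames."""
    alerts, users_by_src = [], defaultdict(set)
    for e in events:
        if e["user"] == "root":
            alerts.append(("root-login-rejected", e["host"], e["src"]))
        if e["src"] and e["user"]:
            users_by_src[e["src"]].add(e["user"])
    for src, users in sorted(users_by_src.items()):
        if len(users) >= distinct_users:
            alerts.append(("possible-dictionary-attack", src, len(users)))
    return alerts

if __name__ == "__main__":
    for alert in build_alerts(parse_rejections(SAMPLE_SYSLOG)):
        print(alert)
```

Matching on "rejected" alone also catches ordinary mistyped passwords, which is why the single `jsmith` failure is parsed as an event but raises no alert here.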
