Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. foundry
[MLX] - Disable snmp-auth-failure logging
madamczewski at eurafibre
May 16, 2017, 11:53 PM
Post #1 of 3 (1204 views)
Permalink
Hello everyone,

I would like to know if it is possible to make my MLX forget messages in
logs when an unauthorized IP tries to connect to my equipment.

Because I have in my logs I constantly this kind of message:

May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142
rejected, 1 attempt (s)
May 15 10:05:36: I: Security: SNMP access from src IP 185.35.62.158
rejected, 1 attempt (s)
May 15 10: 04: 58: I: Security: SNMP access from src IP 185.35.62.134
rejected, 1 attempt (s)
May 15 10:04:46: I: Security: SNMP access from src IP 185.35.62.206
rejected, 1 attempt (s)
May 15 10: 03: 33: I: Security: SNMP access from src IP 185.35.62.24
rejected, 1 attempt (s)
May 15 10: 03: 21: I: Security: SNMP access from src IP 195.202.146.2
rejected, 98 attempt (s)
May 15 10: 03: 08: I: Security: SNMP access from src IP 185.35.62.230
rejected, 1 attempt (s)
May 15 10: 03: 01: I: Security: SNMP access from src IP 185.35.62.96
rejected, 1 attempt (s)

Except I have set up rules in SNMP to allow only the IP of my monitoring
servers and I have an ACL forbidding all the IP that I don't know.

I also applied the "no logging enable snmp-auth-failure" command to tell
me that this should match my need but nothing to do that does not work.

Has anybody ever gone through that kind of question? If yes, is there a
solution?

Best Regards.
Re: [MLX] - Disable snmp-auth-failure logging [ In reply to ]
lists at openunix
May 17, 2017, 1:06 AM
Post #2 of 3 (1204 views)
Permalink
On Wed, May 17, 2017 at 08:53:37AM +0200, Mathieu Adamczewski wrote:
> Hello everyone,
>
> I would like to know if it is possible to make my MLX forget messages in
> logs when an unauthorized IP tries to connect to my equipment.
>
> Because I have in my logs I constantly this kind of message:
>
> May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142
> rejected, 1 attempt (s)

We see those messages in the logs for years now.
While I initially thought this is related to a missing snmp filter, the filter
is set correctly. It looks like the ACL in the snmp community statement does
not prevent the packets from hitting the SNMP server (other than the ssh
filters) and the SNMP server logs those messages.

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
Re: [MLX] - Disable snmp-auth-failure logging [ In reply to ]
bengelly at gmail
May 17, 2017, 1:10 AM
Post #3 of 3 (1204 views)
Permalink
It is my belief Mathieu got his answer :

https://community.brocade.com/t5/Ethernet-Switches-Routers/MLX-Disable-snmp-auth-failure-logging/td-p/92444

HTH.



2017-05-17 10:06 GMT+02:00 Franz Georg Koehler <lists@openunix.de>:

> On Wed, May 17, 2017 at 08:53:37AM +0200, Mathieu Adamczewski wrote:
> > Hello everyone,
> >
> > I would like to know if it is possible to make my MLX forget messages in
> > logs when an unauthorized IP tries to connect to my equipment.
> >
> > Because I have in my logs I constantly this kind of message:
> >
> > May 15 10:05:51: I: Security: SNMP access from src IP 185.35.62.142
> > rejected, 1 attempt (s)
>
> We see those messages in the logs for years now.
> While I initially thought this is related to a missing snmp filter, the
> filter
> is set correctly. It looks like the ACL in the snmp community statement
> does
> not prevent the packets from hitting the SNMP server (other than the ssh
> filters) and the SNMP server logs those messages.
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal