wouldn't the IP of the host it speaks of in the logs? or does it just say "failed log in from somewhere out on the network"…?
my logs have a src… %SEC-6-IPACCESSLOGP: list denied tcp 88.243.16.148(3900) -> 10.142.7.1(23), 1 packet -g On Feb 23, 2011, at 2:40 PM, Alan Buxey wrote: > hi, > > okay...i appear to have mislaid some memory cells over the past month > which coincides with a major bout of unable to drive google/bing or cisco.com > properly(!) ;-) > > basically, auth logs show a device somewhere is trying to log into > some switches with wrong user/pass..... and I cant recall/dig how to > debug on the switch to see what IP is causing the mischief > > the obvious 'debug telnet' only debugs the negotiation/method/junk > rather than provide anything useful....any chance someone can throw > me a line to jog my memory on this score? > > cheers > > alan > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ -- This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
