
[SRX] How to generate SNMP traps for login authentication failures

Article ID: KB23652 KB Last Updated: 27 Dec 2018 Version: 2.0
Summary:
This article describes how to generate SNMP traps for login authentication failures. It uses an event-options policy that matches the following predefined login-failure events:

  • sshd_login_failed
  • login_failed
  • login_pam_authentication_error
Symptoms:
To improve visibility into authentication activity, SNMP traps can be sent to the management host or server whenever incorrect user credentials are used to SSH or Telnet to an SRX device.
Solution:
You can generate SNMP traps to notify the management device of failed attempts to SSH or Telnet to an SRX device. The following device configuration generates SNMP traps for authentication failures. It uses an SSH user as an example.

Trap configuration
# show snmp
community public {
     authorization read-write;
     clients {
         192.168.1.0/24;
     }
}
trap-group t1 {
     destination-port 172;
     categories {
         rmon-alarm;
     }
     targets {
         192.168.1.2;
     }
}

Event Policy configuration
# show event-options
policy p1 {
     events [ sshd_login_failed login_failed login_pam_authentication_error ];
     then {
         raise-trap;
     }
}

The corresponding log messages appear in the messages syslog file, as shown below:
show log messages
.
.
sshd[2952]: Accepted password for root from 192.168.1.2 port 1430 ssh2 <<< Successful login
login: Login attempt for user abc from host 192.168.1.2
login[2970]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user abc
The final entry, tagged LOGIN_PAM_AUTHENTICATION_ERROR, indicates the failed authentication (it is highlighted in red in the original article).
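
As an added example (not part of the Juniper article), the Python script below applies the same detection to the messages log: it counts lines carrying the three event tags and attributes each failure to the source host from the preceding "Login attempt" line. It assumes the syslog tags are the uppercase forms of the event names. The function names, the threshold of 3, and all sample lines after the first three are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: syslog tags are the uppercase forms of the three event names
# matched by the article's event policy.
FAILURE_TAGS = ("SSHD_LOGIN_FAILED", "LOGIN_FAILED", "LOGIN_PAM_AUTHENTICATION_ERROR")
ATTEMPT_RE = re.compile(r"login: Login attempt for user (\S+) from host (\S+)")
FAILURE_RE = re.compile(r"\b(%s): (.*)" % "|".join(FAILURE_TAGS))
USER_RE = re.compile(r"for user '?([^'\s]+)'?")

# First three lines are the article's log excerpt; the rest are constructed samples.
SAMPLE = """\
sshd[2952]: Accepted password for root from 192.168.1.2 port 1430 ssh2
login: Login attempt for user abc from host 192.168.1.2
login[2970]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user abc
login: Login attempt for user abc from host 192.168.1.2
login[2971]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user abc
login: Login attempt for user abc from host 192.168.1.2
login[2972]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user abc
login: Login attempt for user ops from host 192.168.1.7
login[2980]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user ops
""".splitlines()

def failed_logins(lines):
    """Count failure lines, keyed by (tag, user, host). The failure line shown in
    the article has no source address, so the host comes from the latest attempt line."""
    last_host, failures = {}, Counter()
    for line in lines:
        attempt = ATTEMPT_RE.search(line)
        if attempt:
            last_host[attempt.group(1)] = attempt.group(2)
            continue
        failure = FAILURE_RE.search(line)
        if failure:
            user_match = USER_RE.search(failure.group(2))
            user = user_match.group(1) if user_match else "unknown"
            failures[(failure.group(1), user, last_host.get(user, "unknown"))] += 1
    return failures

def over_threshold(failures, threshold=3):
    """Return sorted (user, host) pairs with at least `threshold` failures in total."""
    per_source = Counter()
    for (_tag, user, host), count in failures.items():
        per_source[(user, host)] += count
    return sorted(pair for pair, count in per_source.items() if count >= threshold)

if __name__ == "__main__":
    print(over_threshold(failed_logins(SAMPLE)))
```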
Modification History:
2018-12-13: Article reviewed for accuracy. No changes made. Article is correct and complete.