Knowledge Search


[SRX] How to generate SNMP traps for login authentication failures

  [KB23652] Show Article Properties

This article provides information on how to generate the SNMP traps for authentication failures. This uses Event options pre-defined events for login failure:
  • sshd_login_failed

  • login_failed

  • login_pam_authentication_error 
To provide more security and authentication, SNMP traps can be generated to the Management Host/Server; in the event of incorrect user credentials being used to SSH or Telnet to a SRX device.
You can generate SNMP traps and intimate the Management Device of failed attempts to SSH or Telnet to a SRX device. The following device configuration can be used to generate the SNMP Traps for authentication failures. It uses a SSH user as an example.

Trap configuration
# show snmp
community public {
     authorization read-write;
     clients {;
trap-group t1 {
     destination-port 172;
     categories {
targets {;

Event Policy configuration
# show event-options
policy p1 {
     events [ sshd_login_failed login_failed login_pam_authentication_error ];
     then {
The corresponding log messages are seen in the syslog file messages, as shown below:
show log messages
sshd[2952]: Accepted password for root from port 1430 ssh2 <<< Successful login
login: Login attempt for user abc from host
login[2970]: LOGIN_PAM_AUTHENTICATION_ERROR: Failed password for user abc
The text highlighted in red indicates the failed authentication.
Modification History:
2018-12-13: Article reviewed for accuracy. No changes made. Article is correct and complete.
Related Links: