EMS日志会报告已锁定vsadmin的事件security.invalid.login
- Views:
- 11
- Visibility:
- Public
- Votes:
- 0
- Category:
- ontap-9
- Specialty:
- core<a>2008698220</a><a>进行翻译</a>
- Last Updated:
适用场景
- ONTAP 9
- ONTAPI
- SnapDrive
问题描述
- 从外部系统获取有关登录尝试的通知警报:
EMS.LOG.GZ
security.invalid.login: Failed to authenticate login attempt to Vserver: svm_data, username: vsadmin, application: ontapi
在CLI中:Cluster-01::> event log show -message-name security.invalid.login Time Node Severity Event ------------------- ---------------- ------------- --------------------------- 3/22/2021 08:00:07 Cluster-01 ALERT security.invalid.login: Failed to authenticate login attempt to Vserver: svm_data, username: vsadmin, application: ontapi.
- 确定登录尝试失败的IP地址和用户
security audit log show
Cluter-01::> security audit log show -timestamp "3/22/2021 08:00:07" Time Node Audit Message ------------------------ ----------- ----------------------- Mon Mar 22 08:00:07 2021 Cluster-01 [kern_audit:info:2345] 8503e800002b7bbe :: Cluster-01:ontapi :: 10.10.10.1:10101 :: svm_data:vsadmin :: Login Attempt :: Error: Error: Account currently locked. Contact the storage administrator to unlock it. Mon Mar 22 08:00:07 2021 Cluster-01 [kern_audit:info:2345] 8503e800002b7bbe :: Cluster-01:ontapi :: 10.10.10.1:10101 :: svm_data:vsadmin :: Login Attempt :: Error: Authentication failed. Mon Mar 22 08:00:07 2021 Cluster-01 [kern_audit:info:8617] 8503e800002b7bbe :: Cluster-01:ontapi :: 10.10.10.1:10101 :: svm_data:vsadmin :: POST /servlets/netapp.servlets.admin.XMLrequest_filer HTTP/1.1 :: Error: 401 Unauthorized 3 entries were displayed.
- 使用vsadmin用户标识为SnapDrive 的IP