EF & E-Series, SANtricity, and Related Plug-ins
EF & E-Series, SANtricity, and Related Plug-ins
So, recently, on an EF570, we get "given IP address has attempted too many invalid logins" events.
Following this guide:
We collected the trace buffer logs, but just how are you supposed to read this?
The output is not plaintext nor xml nor anything readable, so probably needs some decoding?
How to handle these logs?
Solved! See The Solution
There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log
If you are using Unified Manager, it is possible that it has the wrong password configured.
Hi there! I've moved your topic to the E-Series forum. My reading suggests they should be plaintext - can you put them on a unix/linux system and run file on them to find out? maybe they're compressed?
Hi Alex, thx for the move.
I actually did try on *nix, but file identifies this just as "data", also tried hexdump but no success.
Uncompressed Files, from crtl A&B, are actually quite large (~600MB) and a chore to parse...
Hello,
As a NetApp Support engineer, the only way I know how to parse the trace buffers is to use an internal parser tool that Support has. I do not know a public facing way to parse them.
If you open a technical case with NetApp Support, we can help you parse the logs and figure out which IP is triggering the invalid logins.
Did just open a case, lets see how this works out.
There is an alternative method to determine the client IP address that is attempting to login with incorrect password. Once you are able to login into the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log
If you are using Unified Manager, it is possible that it has the wrong password configured.
Hello ahmadm,
this actually worked, thanks for pointing it out.
Should be mentioned in the kb article.
@gfz-marco Thank you for sharing this update and feedback.
We will follow up and update the KB article to include those steps.