So, recently, on an EF570, we get "given IP address has attempted too many invalid logins" events.
Following this guide:
We collected the trace buffer logs, but just how are you supposed to read this?
The output is not plaintext nor xml nor anything readable, so probably needs some decoding?
How to handle these logs?
1 ACCEPTED SOLUTION
gfz-marco has accepted the solution
There is an alternative method to determine the client IP address that is attempting to log in with an incorrect password. Once you are able to log in to the SANtricity System Manager Web-UI, you can view and audit logins under Settings > Access Management > Audit Log.
If you are using Unified Manager, it is possible that it has the wrong password configured.
7 REPLIES
Hi there! I've moved your topic to the E-Series forum. My reading suggests they should be plaintext - can you put them on a unix/linux system and run file on them to find out? Maybe they're compressed?
Hi Alex, thx for the move.
I actually did try on *nix, but file identifies this just as "data", also tried hexdump but no success.
Uncompressed files, from ctrl A&B, are actually quite large (~600MB) and a chore to parse...
Hello,
As a NetApp Support engineer, the only way I know how to parse the trace buffers is to use an internal parser tool that Support has. I do not know a public facing way to parse them.
If you open a technical case with NetApp Support, we can help you parse the logs and figure out which IP is triggering the invalid logins.
Team NetApp
Did just open a case, let's see how this works out.
Hello ahmadm,
this actually worked, thanks for pointing it out.
Should be mentioned in the kb article.
@gfz-marco Thank you for sharing this update and feedback.
We will follow up and update the KB article to include those steps.