The Ribbon SBC Core routinely logs and reports invalid login attempts for access to all its accounts and interfaces. These logs and reports serve as an important data set for Protect, which warns administrators when many invalid attempts are seen across the network. The event reporting notes the IP and port from which the invalid attempt was made, and makes logs available in the SEC and AUD logs.
The SBC currently logs this information along with the remote IP to the file auth.log. The SBC also pushes the auth.log via syslogd so that Protect can access messages.
If the SBC is configured with a call trace filter to capture all SIP PDU messages in the trace log, then you must update the settings for the fields diskThrottleLimit, eventLogValidation, fileSize and messageQueueSize as per the information provided in the Event Log - CLI page.
Note
To configure pushing SEC and AUD logs to the remote server, see the command set oam eventLog typeAdmin in the page: Event Log - CLI.
Overview
Content Tools