The SBC routinely logs and reports invalid login attempts for access to all its accounts and interfaces. These logs and reports serve as an important data set for Ribbon Protect, which warns administrators when many invalid attempts are seen across the network. The event reporting notes the IP and port from which the invalid attempt was made, and makes logs available in the SEC and AUD logs.
The Ribbon SBC currently logs this information along with the remote IP to the file auth.log. The Ribbon SBC will now also push the auth.log via syslogd so that Ribbon Protect can access messages.
To configure the SEC and AUD logs to push to the remote server, see the command set oam eventLog typeAdmin on this page: Event Log - CLI.
Overview
Content Tools