Preview Tool

Cisco Bug: CSCsy88946 - %SSH-5-SSH2 from 12.4 IOS not parsed properly

Last Modified

Feb 22, 2014

Products (1)

  • Cisco Security Monitoring, Analysis and Response System

Known Affected Releases


Description (partial)


The following syslog messages are being parsed as generic syslog on MARS, instead of specific to IOS version 12.3 or 12.4:

<189>1691: *Mar 30 16:31:31 MDT: %SSH-5-SSH2_CLOSE: SSH2 Session from (tty = 0) for user 'sdfasdf' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed
<189>1690: *Mar 30 16:31:31 MDT: %SSH-5-SSH2_USERAUTH: User 'sdfasdf' authentication for SSH2 Session from (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed  
<189>1689: *Mar 30 16:29:19 MDT: %SSH-5-SSH2_SESSION: SSH2 Session request from (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded 


Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.