Guest

Preview Tool

Cisco Bug: CSCsy88946 - %SSH-5-SSH2 from 12.4 IOS not parsed properly

Last Modified

Feb 22, 2014

Products (1)

  • Cisco Security Monitoring, Analysis and Response System

Known Affected Releases

6.0(2)

Description (partial)

Symptom:

The following syslog messages are being parsed as generic syslog on MARS, instead of specific to IOS version 12.3 or 12.4:

<189>1691: *Mar 30 16:31:31 MDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 10.33.168.78 (tty = 0) for user 'sdfasdf' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed
<189>1690: *Mar 30 16:31:31 MDT: %SSH-5-SSH2_USERAUTH: User 'sdfasdf' authentication for SSH2 Session from 10.33.168.78 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed  
<189>1689: *Mar 30 16:29:19 MDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 10.33.168.78 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded 

Conditions:

N/A
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.