NetScaler Management Login Log

I recently visited a client and started doing some health checks on the NetScaler pair they're using.

Among other messages I got a message that a user was trying to log in to the appliances using SSH.

The message on the Command Center did not provide any information about the source of the attemts, only the username used. Since these attempts were about fine a day and at certain times of the day, I realized that it should be some kind of monitoring tool. But I had to get the IP of the source in order to investigate further...

The first few searches did not yell any results since they were all related to the AAA servers that could be set up on the NetScaler. I then decided to search within the BSD system logs and put the NetScaler logs aside.

You can find the login attempts, for the NetScaler system, by reviewing the log file located at /var/log/auth.log

I found the IP of the source there and it was a monitoring tool!

Popular posts from this blog

IIS Client Certificate Revocation Check Disable

How to Configure Message Forwarding on a Mailbox Level

Syslog Message Collection for OMS from sources that do not support the agent