CES is sending SNMP trap that states maximum number of failed login attempts has occurred...

[learningSkype]

Scratching my head on this one. We have 2 CES servers and they keep sending SNMP traps stating that an account name has failed to login too many times and it's driving us nuts. Just wondering if this has happened to any one else. Avaya told me that it's a certain account name from another server but when I questioned the team that manages that server they want to see logs. I'm hitting the books next but if you have any insight, please reply.

the trap literally says "the maximum number of failed login attempts has occurred.

 

[kyle555]

Check PAM or other Linux stuff for locked out accounts? Is it a AD account for a user of CES services or is it a linux account for monitoring from an NMS - or say, like a SAL

If it's Avaya's SAL and it's access isn't set up right, its Avaya's automated tools.

Got a SAL? Remove CES from it if it's there and try that!

 

[learningSkype]

It's not SAL, at least I don't think. how do you see what account is trying to log in? I've looked at some logs, but not sure which is the right file to review.