Saucepan

User Tools

Site Tools

Trace: multi_vsys vpn disk_space oracle firewall-hardware multicast credential_phishing_prevention aws aws_transit_gateway ssh
paloaltonetworks:logs:syslog:ssh

This is an old revision of the document!

Table of Contents

SSH Syslog

Medium

( subtype eq ssh ) and ( severity eq medium )
( eventid eq ssh-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 192.168.1.1: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-Nmap-SSH1-Hostkey.' )
( eventid eq ssh-session-establishment-failed ) and ( description contains 'Protocol major versions differ for 192.168.1.1: SSH-2.0-OpenSSH_12.1 vs. SSH-1.5-NmapNSE_1.0.' )

Informational

( subtype eq ssh ) and ( severity eq informational )
( eventid eq ssh-ciphers-changed ) and ( description contains 'Ciphers set to default for MGMT SSH.' )
( eventid eq ssh-ciphers-changed ) and ( description contains 'New ciphers set for MGMT SSH.' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for Mgmt SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for Mgmt SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for Mgmt SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for HA SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for Mgmt SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for Mgmt SSH' )
( eventid eq ssh-bootup-keygen ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 256 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 521 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving ecdsa key of length 384 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for HA SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 4096 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 3072 from cryptod for Mgmt SSH' )
( eventid eq unknown ) and ( description contains 'Retrieving rsa key of length 2048 from cryptod for Mgmt SSH' )
paloaltonetworks/logs/syslog/ssh.1591261475.txt.gz · Last modified: (external edit)