SSH Server Events

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| SSH Server Events | Base Rule | General Information Log Message | Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Event ID | `<vmid>` | Number | Event ID 5201, 5202, 5203, 5204, 5205, 5207, 5208 |
| Severity | `<severity>` | Text/String | For All: Information; For 5208: Error |
| Message | `<subject>`, `<object>` | Text/String | Event ID 5201: Logs a message when the SSH host-key is generated |
| Message | `<subject>`, `<object>` | Text/String | Event ID 5202: Logs a message when the SSH server is enabled on a VRF |
| Message | `<subject>`, `<object>` | Text/String | Event ID 5203: Logs a message when the SSH server is disabled on a VRF |
| Message | `<subject>`, `<object>`, `<account>` | Text/String | Event ID 5204: Logs a message when an SSH client-public-key is added to the authorized_keys file |
| Message | `<subject>`, `<object>`, `<account>` | Text/String | Event ID 5205: Logs a message when an SSH client-public-key is deleted from the authorized_keys file |
| Message | `<subject>`, `<object>` | Text/String | Event ID 5207: Logs a message when the SSH host-key is corrupted |
| Message | `<subject>`, `<object>` | Text/String | Event ID 5208: Logs a message when a user tries to enable the SSH server without setting an admin password |
