SSH Reference Manual

Columns: Event Id, Event Name, Conditions, Pattern, Token Values

Event Id: 1
Event Name: AuthenticationEvent

  Conditions: Authentication successful, method not publickey and not gssapi-with-mic
  Pattern: "%sessionId: %user@%remoteAddress %action %outcome (method %method): %reason. System user: %systemUser"
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address
    %action: ‘authentication’
    %outcome: ‘granted’
    %method: authentication method
    %reason: reason

  Conditions: Authentication successful, method publickey or gssapi-with-mic
  Pattern: "%sessionId: %user@%remoteAddress %action %outcome (method %method, %publickeyOrPrincipal): %reason. System user: %systemUser"
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address
    %action: ‘authentication’
    %outcome: ‘denied’ or ‘failed’
    %method: authentication method
    %publickeyOrPrincipal: name of publickey or principal name
    %reason: reason

Event Id: 2
Event Name: AuthenticationEvent

  Conditions: Authentication failed, method not publickey and not gssapi-with-mic
  Pattern: "%sessionId: %user@%remoteAddress %action %outcome (method %method): %reason."
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address
    %action: ‘authentication’
    %outcome: ‘granted’
    %method: authentication method
    %reason: reason

  Conditions: Authentication failed, method publickey or gssapi-with-mic
  Pattern: "%sessionId: %user@%remoteAddress %action %outcome (method %method, %publickeyOrPrincipal): %reason."
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address
    %action: ‘authentication’
    %outcome: ‘denied’ or ‘failed’
    %method: authentication method
    %publickeyOrPrincipal: name of publickey or principal
    %reason: reason

Event Id: 3
Event Name: TerminateSessionEvent

  Pattern: "%sessionId: %user@%remoteAddress terminate session"
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address

Event Id: 4
Event Name: SubsystemEvent

  Conditions: Successful
  Pattern: "%sessionId: %user@%remoteAddress %action %object %outcome"
  Token Values:
    %sessionId: SESSION-LOG-ID
    %user: SSH username
    %remoteAddress: remote IP address
    %action: ‘subsystem’
    %object: name of subsystem
    %outcome: ‘granted’
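
As an added example (not part of the manual), a parser for the AuthenticationEvent message patterns listed above, with a count of non-granted outcomes per %remoteAddress for audit review. The sample lines, session ids, reason texts, key name and threshold are constructed; it assumes the message text arrives without any log prefix and that %sessionId contains no ": " sequence.

```python
import re
from collections import Counter

# Regex derived from the AuthenticationEvent patterns in the table above.
# The ", %publickeyOrPrincipal" part and the " System user: ..." suffix are
# optional because only some of the listed patterns carry them.
AUTH_RE = re.compile(
    r'^(?P<sessionId>.+?): (?P<user>[^@\s]+)@(?P<remoteAddress>\S+) '
    r'(?P<action>authentication) (?P<outcome>granted|denied|failed) '
    r'\(method (?P<method>[^,)]+)(?:, (?P<publickeyOrPrincipal>[^)]*))?\): '
    r'(?P<reason>.*?)\.(?: System user: (?P<systemUser>.+))?$'
)

def parse_auth_event(message):
    """Return the token values of one AuthenticationEvent message, or None."""
    m = AUTH_RE.match(message.strip())
    return m.groupdict() if m else None

def failures_by_address(messages, threshold=3):
    """Count events whose %outcome is not 'granted', grouped by %remoteAddress.

    Only addresses with at least `threshold` such events are returned
    (the threshold is an assumption of this example, not a manual setting).
    """
    counts = Counter()
    for msg in messages:
        ev = parse_auth_event(msg)
        if ev and ev["outcome"] != "granted":
            counts[ev["remoteAddress"]] += 1
    return {addr: n for addr, n in counts.items() if n >= threshold}

# Constructed sample messages (not taken from a real log).
SAMPLE = [
    "SESSION-1: alice@192.0.2.10 authentication granted (method password): "
    "password ok. System user: SUPER.ALICE",
    "SESSION-2: bob@198.51.100.7 authentication failed (method publickey, "
    "bobkey1): key not accepted.",
    "SESSION-2: bob@198.51.100.7 authentication denied (method password): "
    "wrong password.",
    "SESSION-3: root@198.51.100.7 authentication failed (method password): "
    "unknown user.",
    "SESSION-1: alice@192.0.2.10 terminate session",  # not an auth event
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_auth_event(line))
    print(failures_by_address(SAMPLE))
```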
312 Monitoring and Auditing HP NonStop SSH Reference Manual