Symantec Privileged Access Management

  • 1.  RSH: Null Login Detected from CA Pam Appliance

    Posted May 06, 2019 12:09 PM

    Our Network Intrusion Detection System is picking up multiple connections marked as RSH:Null Login from our PAM Appliance. What could be the cause of this issue? Are the Tomcat logs the appropriate logs to check? What should I be checking in the logs?



  • 2.  Re: RSH: Null Login Detected from CA Pam Appliance

    Broadcom Employee
    Posted May 06, 2019 02:28 PM

    I checked our Support case history and I do not see any instances of customers reporting the alert you are seeing "RSH:Null Login".

     

    The Tomcat log may contain some information about the user login, but the best log to start looking into this would be the Session logs (sessions > logs). This might show why a login failed or if there was some other problem with the login. Otherwise, there is likely not much you will find in the logs available to customers, but there may be something more useful in the logs.bin file, which customers are unable to open and review.

     

    If you are not able to find anything useful under Tomcat or Session Logs, then I would suggest opening a ticket with Support to have this issue looked into properly. If you do open a support ticket, please include your logs.bin and session log export immediately for review.

     

    Regards,

    Christian Lutz

    Support Engineer 3

    Broadcom (CA) - ESD Support