- 论坛徽章:
- 2
|
本帖最后由 lgatuk 于 2013-12-03 15:26 编辑
我们有个综合监控系统,我问了管理员,管理员说10.123.0.202是他们的监控系统的IP
监控系统每隔5分钟会向主机发送包确认是否可以连通,这个时间间隔和日志里面也能对的上
但是其他主机都没有这个告警,只有hu02这一台有这个告警,hu02是最近才建设的。
其他主机是生产环境,有CPU利用率。这个hu02是测试机,还未部署业务,一直空跑着,综合监控的管理员说是因为没监控到CPU利用率才有这个告警的。
我怎么不相信呢?
从字面意思理解这个告警,就是说10.123.0.202想通过sshd连接主机,但是他的验证信息无法得到主机通过,是这样吗?
我想听听各位对这个问题的分析、理解,纠正一下我的错误思路,而不是“问问监控管理员吧”之类的建议,谢谢。那个监控管理员不明白原理,问也白问。
参考下HP论坛上别人的回答
Someone connected from 192.234.123.4 to your sshd port, but did not use any recognizable form of the SSH protocol, so sshd closed the connection. Perhaps 192.234.123.4 did not send any data at all, but simply terminated the connection as soon as it opened.
This might happen if you've set up a network monitoring system to periodically check that your sshd service is alive (although a check interval of 2 seconds would be overkill for most purposes).
The best way to find out for sure would be to find the administrator of 192.234.123.4 and ask him/her. If that IP address is outside your organization, you might want to use a firewall to block all unnecessary external access to your network. - Dec 3 12:01:13 hu02 sshd[19350]: Did not receive identification string from 10.123.0.202
- Dec 3 12:06:13 hu02 sshd[19536]: Did not receive identification string from 10.123.0.202
- Dec 3 12:11:13 hu02 sshd[19636]: Did not receive identification string from 10.123.0.202
- Dec 3 12:16:13 hu02 sshd[19777]: Did not receive identification string from 10.123.0.202
- Dec 3 12:21:13 hu02 sshd[19966]: Did not receive identification string from 10.123.0.202
- Dec 3 12:26:13 hu02 sshd[20052]: Did not receive identification string from 10.123.0.202
- Dec 3 12:31:13 hu02 sshd[20152]: Did not receive identification string from 10.123.0.202
- Dec 3 12:36:13 hu02 sshd[20338]: Did not receive identification string from 10.123.0.202
- Dec 3 12:41:13 hu02 sshd[20438]: Did not receive identification string from 10.123.0.202
- Dec 3 12:46:13 hu02 sshd[20523]: Did not receive identification string from 10.123.0.202
复制代码 |
|