This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - Logs showing message="User '-' failed to login

Hey Guys,

I'm seeing an unusual logins on my Sophos XG 115. The user is - and the IP it's coming from is my DC (192.168.0.10). About every hour I'm seeing:

Adminmessageid="17507"
log_type="Event"
log_component="CLI"
log_subtype="Admin"
status="Failed"
user="-"
src_ip="192.168.0.10"
additional_information=""
message="User '-' failed to login from '192.168.0.10' using ssh because of wrong credentials"

No RDP or other ports open from the WAN. I do have SSL VPN setup. It's a pretty brand new 2016 DC setup.

I am running Labtech on the DC, so my gut feeling is it might be the Labtech network probe doing it.

How would I go about figuring out what's causing the logon attempt? What is user - ?

This thread was automatically locked due to age.

Parents

0 LUPike over 6 years ago

I am receiving these notifications as-well. They are coming from a PC on the network with LabTech (now ConnectWise) agent on it. The agent on the client PC is setup as with as Master and has the Network Probe on as-well. I am going to follow up with ConnectWise to see how I might be able to better leverage this.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LUPike over 6 years ago

I am receiving these notifications as-well. They are coming from a PC on the network with LabTech (now ConnectWise) agent on it. The agent on the client PC is setup as with as Master and has the Network Probe on as-well. I am going to follow up with ConnectWise to see how I might be able to better leverage this.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Aaron Berger over 6 years ago in reply to LUPike

Hey Luke,

I figured it was Labtech/Connectwise as it stopped when I disabled the agent. But I haven't had a chance to troubleshoot further. Did you get a reply from Connectwise?
Cancel
Vote Up 0 Vote Down

Cancel