Monitoring and reporting for Veeam Data Platform
Post Reply
Posts: 371
Liked: 32 times
Joined: Oct 17, 2013 10:02 am
Full Name: Mark
Location: UK

Alarm: Bad Host username logon attempt - exemptions?

Post by lando_uk »

This alarm is very useful to spot anyone sniffing around, but I'm wondering if there's a way of excluding/ignoring certain IP addresses? - as we have a Nessus appliance that is constantly scanning and always triggering this.

I don't suppose there is, but thought I'd ask here.

Veeam Software
Posts: 632
Liked: 167 times
Joined: Nov 01, 2016 11:26 am

Re: Alarm: Bad Host username logon attempt - exemptions?

Post by RomanK »

Hello Mark,

Bad Host username logon attempt alarm is based on BadUsernameSessionEvent event which comes from VI.
It is possible to use wildcards the ‘*’ (asterisk) and ‘?’ (question) in the Event text field. The ‘*’ (asterisk) character stands for zero or more characters. The ‘?’ (question mark) stands for a single character. Unfortunately, there is no negation wildcard mask to ignore specific IP addresses but might be there a chance to do the opposite and specify addresses that shouldn't be ignored.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests