Created on 06-30-2025 09:13 PM
The following system event log can be seen when an unauthorized admin login attempt is made from the SSH console:
date=2025-06-26 time=15:49:29 eventtime=1750924169871700802 tz="+0800" logid="0100032002" type="event" subtype="system" level="alert" vd="root" logdesc="Admin login failed" sn="0" user="unknown" ui="ssh(10.111.36.103)" method="ssh" srcip=10.111.36.103 dstip=10.47.2.186 action="login" status="failed" reason="internal_error" msg="Administrator unknown login failed from ssh(10.111.36.103) because of an internal error"
The same system admin login activity can be seen in the alert console list output for the same FortiGate device.
fgt (global) # diagnose alertconsole list 2025-06-26 15:56:09 Administrator unknown from ssh(10.111.36.103) login failed2025-06-26 15:50:17 Administrator unknown from ssh(10.111.36.103) login failed2025-06-26 15:49:29 Administrator unknown from ssh(10.111.36.103) login failed
This system event indicates an unusual SSH login attempt without specifying a username on the login prompt:
login as:
@10.47.2.186's password:
Access denied
…
[omitted]
Related article:
Technical Tip: Prevent unknown user's access to the network
You are leaving our site and we cannot be held responsible for the content of external websites
