If libvirt discovery is enabled, Observium will try to connect to your machine - likely via SSH - to find VMs using virsh. This runs in discovery, so it does coincide with the default "run discovery every 6 hours" ...

Tom

On 09/01/2018 21:47, Cody Cook wrote:
Something that has access to localhost is attempting to login to localhost as root over SSH... so either the user at localhost doesn't have root access already, or something else is trying to login, let's say, password auth instead of key auth. Too many attempts have been done, so it has blocked further attempts. 
I don't think it is related to Observium unless you are doing some kind of SSH connection. Check /var/log/auth.log. Also looks like it runs on schedule every 6 hours so check your cron for things that do SSH locally?



On Tue, Jan 9, 2018 at 12:30 PM, Timothy Illguth <tillguth@alaska.edu> wrote:
Hello Observium,

Just curious about what this means: 

Jan  7 06:51:40 mon sshd[4607]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57494 ssh2 [preauth]
Jan  7 06:51:40 mon sshd[4613]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 57496 ssh2 [preauth]
Jan  7 12:53:13 mon sshd[2300]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60920 ssh2 [preauth]
Jan  7 12:53:13 mon sshd[2306]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 60922 ssh2 [preauth]
Jan  7 18:33:51 mon sshd[18311]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34286 ssh2 [preauth]
Jan  7 18:33:51 mon sshd[18317]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 34288 ssh2 [preauth]
Jan  8 00:52:20 mon sshd[30357]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39526 ssh2 [preauth]
Jan  8 00:52:20 mon sshd[30363]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 39528 ssh2 [preauth]
Jan  8 06:51:43 mon sshd[350]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43064 ssh2 [preauth]
Jan  8 06:51:43 mon sshd[362]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 43066 ssh2 [preauth]
Jan  8 12:54:53 mon sshd[9955]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46520 ssh2 [preauth]
Jan  8 12:54:54 mon sshd[9961]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 46522 ssh2 [preauth]
Jan  8 18:34:40 mon sshd[22397]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48052 ssh2 [preauth]
Jan  8 18:34:40 mon sshd[22403]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 48054 ssh2 [preauth]
Jan  9 00:33:45 mon sshd[26212]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51466 ssh2 [preauth]
Jan  9 00:33:45 mon sshd[26218]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 51468 ssh2 [preauth]
Jan  9 06:52:49 mon sshd[17401]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56818 ssh2 [preauth]
Jan  9 06:52:49 mon sshd[17407]: error: maximum authentication attempts exceeded for root from 127.0.0.1 port 56820 ssh2 [preauth]



We lost all monitoring about this time, is it possibly related? 

--
___________________________
Tim Illguth
Jr. Systems Administrator
Alaska Satellite Facility    


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium




_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium