How to determine ION device toolkit authentication failure for remote login from logs?

How to determine ION device toolkit authentication failure for remote login from logs?

127
Created On 10/31/22 10:25 AM - Last Modified 11/12/25 22:38 PM


Objective


How to determine ION device toolkit authentication failure  for remote login from logs?

Environment


Prisma SD-WAN
ION

Procedure


ION device toolkit authentication failure for remote login can be found from the ION device logs with below cli command:

debug logs dump authpriv | grep "authentication failure"

For Eg:

2022-10-31T10:22:29.272 not login      14651  authpriv              pam-all text:pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser= rhost=  user=xxxx, _event:✓

Note:
  • Timezone of the log is in UTC
  • xxxx is the device toolkit user that initiated an authentication failure event.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kEupCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail