I'm hoping this is the right area to ask this question, as I haven't been able to find any reason as to why this is. The Solarwinds server controlled by our server personnel is being shown to constantly attempt to log into our router through the VTY lines using the SSH protocol on port 22 every 60 seconds, and 1-2 seconds immediately following the failed attempt.
What I'm asking is does IP SLA, Netflow, or parts of Orion require VTY access to the router through SSH. I understand that IP SLA requires SNMP RW strings to be created, and Netflow requires ingress and egress on the pertinent interfaces along with an export server, but do either of those, or Orion/NPM constantly attempt to gain remote access into the Cisco Devices?
I'm certain it's not malicious coding by our server personnel, who are under different management than the team I'm on which controls the network, so I'm confused as to why this would regularly occur.
Mon ## ##:##:## %SEC-6-IPACCESSLOGP: list 176 denied tcp 192.168.33.12(2613) -> 0.0.0.0(22), 3 packets
I've already modified the access list to stop logging these entries as all other denies have been and are logged since it has been making going through the logs increasingly difficult.