05-22-2007 06:24 AM - edited 03-05-2019 04:12 PM
Hello,
I have a 2620XM router configured as a dial-in router. There has been debate on how much this system is being used and I want to configure syslog capturing to see which users are logging in, at what time and for how long.
My current config for this looks like this:
logging count
logging buffered 4096 informational
logging 192.168.10.3
Will this allow me to capture what I need?
05-22-2007 06:44 AM
Chris
There are several aspects of your question that are not quite clear to me. When you say that you want syslog capturing I am not clear whether you will login to the router periodically and do the show log command to check the syslog? If this is the case then I believe that 4096 is probably too small a value. If it is not the case that you will check on the router itself, then configuration of the logging buffer size and changing the logging level from debugging to informational does not matter for this question.
Or will you be checking on a syslog server (assuming that 192.168.10.3 is running syslog server software and is properly configured for syslog)? It will be receiving informational level syslog messages.
It is also not clear what you are looking at in syslog to give you information about the user logins, at what time, and for how long. If you can give us information about this we may be able to give you better answers about whether your syslog configuration is appropriate.
HTH
Rick
05-22-2007 06:56 AM
Thanks Rick.
I will be using a syslog server.
What I want to capture, if possible, is the usernames and logon/logoff times/dates.
Chris
05-22-2007 06:55 AM
hello trenholm
syslog is more useful for troubleshooting network issues and to log any system error messages, like duplicate ips, interface up/down, power supply down etc... you need to use this correctly and only for some useful info, otherwise this will fill in a lot of memory on the server/router etc..
what you are referring to is the accounting information, which a syslog cannot give. syslog can give info on who has logged in and success/failure logins, but will not tell you when the user has logged out and is not a good tool for accounting. you need to have a good radius server like ACS which can do this !!!! try using the following commands:
logging trap debugging
logging x.x.x.x
login on-failure log
login on-success log
this can give you some basic info, but not detailed accounting logs.. you can also try applying an access-list on the RAS port and do a log on it and see if you are getting any useful info :)
Hope this helps.. all the best.. rate replies if found useful..
Raj
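An added example, not part of the thread or any poster's code: a sketch of what a syslog server can pull out of the messages produced by `login on-success log` and `login on-failure log`. The `%SEC_LOGIN-5-LOGIN_SUCCESS` / `%SEC_LOGIN-4-LOGIN_FAILED` message layout, the sample lines, user names and addresses are assumptions constructed for illustration. The result is login times per user only; as the reply above says, there is no logoff event to pair them with.

```python
import re
from collections import defaultdict

# Constructed sample lines, as a syslog server might store them (not from the thread).
SAMPLE = """\
May 22 06:30:01 192.168.10.1 45: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: chris] [Source: 10.0.0.5] [localport: 23] at 06:30:01 UTC Tue May 22 2007
May 22 06:41:17 192.168.10.1 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: guest] [Source: 10.0.0.9] [localport: 23] [Reason: Login Authentication Failed] at 06:41:17 UTC Tue May 22 2007
May 22 07:02:44 192.168.10.1 47: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: rick] [Source: 10.0.0.7] [localport: 23] at 07:02:44 UTC Tue May 22 2007
May 22 07:05:00 192.168.10.1 48: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
May 22 09:15:09 192.168.10.1 49: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: chris] [Source: 10.0.0.5] [localport: 23] at 09:15:09 UTC Tue May 22 2007
"""

# Assumed layout of the login success/failure messages; adjust if your IOS differs.
EVENT = re.compile(
    r"%SEC_LOGIN-\d-(?P<kind>LOGIN_SUCCESS|LOGIN_FAILED):.*?"
    r"\[user: (?P<user>[^\]]*)\].*?\[Source: (?P<src>[^\]]*)\].*? at (?P<when>.+)$"
)

def parse_logins(text):
    """Return one dict per login event; unrelated syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Group router-reported login timestamps by user and outcome."""
    report = defaultdict(lambda: {"success": [], "failed": []})
    for e in events:
        key = "success" if e["kind"] == "LOGIN_SUCCESS" else "failed"
        report[e["user"]][key].append(e["when"])
    return dict(report)

if __name__ == "__main__":
    for user, r in sorted(summarize(parse_logins(SAMPLE)).items()):
        print(user, "success:", r["success"], "failed:", r["failed"])
```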