Syslog configuration

c.trenholm
Level 1

Hello,

I have a 2620XM router configured as a dial-in router. There has been debate on how much this system is being used and I want to configure syslog capturing to see which users are logging in, at what time and for how long.

My current config for this looks like this:

logging count

logging buffered 4096 informational

logging 192.168.10.3

Will this allow me to capture what I need?


Richard Burts
Hall of Fame

Chris

There are several aspects of your question that are not quite clear to me. When you say that you want syslog capturing I am not clear whether you will login to the router periodically and do the show log command to check the syslog? If this is the case then I believe that 4096 is probably too small a value. If it is not the case that you will check on the router itself, then configuration of the logging buffer size and changing the logging level from debugging to informational does not matter for this question.

Or will you be checking on a syslog server (assuming that 192.168.10.3 is running syslog server software and is properly configured for syslog)? It will be receiving informational level syslog messages.

It is also not clear what you are looking at in syslog to give you information about the user logins, at what time, and for how long. If you can give us information about this we may be able to give you better answers about whether your syslog configuration is appropriate.

HTH

Rick


Thanks Rick.

I will be using a syslog server.

What I want to capture, if possible is the usernames and logon/logoff times/dates.

Chris

sachinraja
Level 9

hello trenholm

syslog is more useful for troubleshooting network issues and to log any system error messages, like duplicate ips, interface up/down, power supply down etc... you need to use this correctly and only for some useful info, otherwise this will fill in a lot of memory on the server/router etc..

what you are referring to is the accounting information, which a syslog cannot give. syslog can give info on who has logged in and success/failure logins, but will not tell you when the user has logged out and is not a good tool for accounting. you need to have a good radius server like ACS which can do this !!!! try using the following commands:

logging trap debugging

logging x.x.x.x

login on-failure log

login on-success log

this can give you some basic info, but not detailed accounting logs.. you can also try applying an access-list on the RAS port and do a log on it and see if you are getting any useful info :)

Hope this helps.. all the best.. rate replies if found useful..

Raj
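
An added example, not part of the original thread: a small Python script for the syslog server that pulls usernames and login times out of the messages produced by `login on-success log` and `login on-failure log`. The sample lines are constructed, and the message layout (`%SEC_LOGIN-5-LOGIN_SUCCESS` / `%SEC_LOGIN-4-LOGIN_FAILED` with `[user: ...] [Source: ...] ... at <time>`) and the router address 192.168.10.1 are assumptions; check them against what your router actually sends.

```python
import re
from collections import defaultdict

# Constructed sample lines, as a syslog server might store them. The layout
# is assumed to follow the usual IOS SEC_LOGIN message format.
SAMPLE_LOG = """\
Mar  3 08:15:02 192.168.10.1 45: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 10.1.1.20] [localport: 23] at 08:15:02 UTC Mon Mar 3 2008
Mar  3 08:17:40 192.168.10.1 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: mbrown] [Source: 10.1.1.31] [localport: 23] [Reason: Login Authentication Failed] at 08:17:40 UTC Mon Mar 3 2008
Mar  3 09:02:11 192.168.10.1 47: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: mbrown] [Source: 10.1.1.31] [localport: 23] at 09:02:11 UTC Mon Mar 3 2008
Mar  3 09:05:00 192.168.10.1 48: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Mar  3 11:30:45 192.168.10.1 49: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jsmith] [Source: 10.1.1.20] [localport: 23] at 11:30:45 UTC Mon Mar 3 2008
"""

# Match only login events; every other syslog message is ignored.
EVENT_RE = re.compile(
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_SUCCESS|LOGIN_FAILED): .*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<source>[^\]]*)\]"
    r".* at (?P<when>.+)$"
)


def parse_events(text):
    """Return one dict (event, user, source, when) per login message."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.search(line)
        if match:
            events.append(match.groupdict())
    return events


def summarize(events):
    """Group login timestamps per user, split into successes and failures."""
    summary = defaultdict(lambda: {"success": [], "failed": []})
    for event in events:
        key = "success" if event["event"] == "LOGIN_SUCCESS" else "failed"
        summary[event["user"]][key].append(event["when"])
    return dict(summary)


if __name__ == "__main__":
    for user, logins in sorted(summarize(parse_events(SAMPLE_LOG)).items()):
        print(user, "successful:", logins["success"], "failed:", logins["failed"])
```

These messages carry no matching logout event, so the script can report who logged in and when, but not session length.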
