Authentication message send to syslog

Unanswered Question


We configured TACACS on our switches and we now would like to send authentication related message to our syslog (eg: Authentication successfull, or unsuccessfull etc...).

Is there a way to have this send to the syslog? I tested by putting the logging trap to debug, but even in that case, i did not get anything about the authentication in the syslog.

Thank you for your help,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Joe Clarke Thu, 06/28/2007 - 13:19

This is not possible for IOS devices, but you should have an audit trail on your TACACS+ server that lists when users logged in and out.

Thank you for the answer, we indeed have all the logs in our ACS servers, but we currently receive all authentication failure in central syslog servers (from server, from firewall, ...), those syslog entries are monitored to identify and alert multiple authentication failures.

That type of alerting is, at my knowledge, not possible in the Cisco Secure ACS.

That was the reason of my question.

Anyway, thank you for your answer.

Why yes it IS available via CiscoSecure ACS, you just need a current version to do so. I know that v4.1.1b23 has it as well as the latest and greatest version 4.1.3b12 patch 2.

Under System configuration, Logging Configuration, you have tha ability so send any of the log files to syslog servers on any specified port (very handy for syslogNG implementations)

Richard Burts Fri, 06/29/2007 - 07:40

Marc and Andy

It has been the traditional answer that you could not do this directly from IOS to syslog and if you wanted it you had to go through ACS to get notification of login failure (or success). In release 12.3(4)T and 12.4 Cisco introduced a new feature where you can send directly to syslog for login success or for login failure. You can use this command:

login on-failure log [every login]

and there is also a command to log successes.

For more information about this feature this link would be useful:




This Discussion