Can you log successful telnet session to the router?

Unanswered Question
Aug 28th, 2007
User Badges:

Hi There,

Is there a way to log successful logins/telnet to the router?

Say JoeBlow has access and telnets successfully to the router. I want to be able to do a "show log" on the router and see that JoeBlow logged in at this time and date. Is there a way to do this??? I also want to log when someone changes to enable mode.

I'm using IOS 12.3(22) on a Cisco 7206VXR.

Thanks in advance.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Joe Clarke Tue, 08/28/2007 - 23:12
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This is not doable without an external authentication server unless you are running 12.3(4)T or higher or 12.2(25)S or higher. On those versions of IOS, you can use the "login on-success" command to configure logging of successful login attempts to the device.

andysaykao Wed, 08/29/2007 - 22:27
User Badges:

Thanks heaps.

We won't be upgrading IOS soon but it's nice to know.

andysaykao Wed, 08/29/2007 - 22:42
User Badges:

Is there a way to have multiple routers log to one syslog server and have the log files separated so that messages sents from router1 gets logged to router1.log, router2 gets logged to router2.log, etc ???


mnlatif Thu, 08/30/2007 - 05:31
User Badges:

You can have each router send logs with its own unique facility "logging facility local0" etc. Then at the traditional unix syslog server you can modify the syslog conf file to store messages from different facilities into different files.

However this solution is not scalable as you only have local0-local7 facilities available.

A much better and scalable solution is to use a different syslog server, which can look inside the message (beyond the facility level) and then place them into appropriate files.

syslog-ng ( is excellent and free. Its also included with most linux distros.

You can use it to filter on almost any thing in the message (You can filter it based on the sending device) and then store messages into their specific files. The messages can even be stored directly into a mySQL database.

\\ Naman


This Discussion