sending syslog message on logon

Answered Question
Sep 20th, 2007

Hi forum,

How do I configure the syslog to send message when user logon to the router, either success or fail.

Thanks much,

paul

I have this problem too.
0 votes
Correct Answer by yjdabear about 9 years 3 months ago

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
paulnigel Thu, 09/20/2007 - 17:41

Thank you very much yjdabear,

This solves my problem!

Thanks much,

PN

paulnigel Mon, 09/24/2007 - 16:14

Hi Yjdabear,

I am able to log the success logon, but i cant log the failure logon, i use this command:

login on-failure log

login on-success log

but i only get this:

%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:

anything that I must look out for?

Thanks much,

PN

yjdabear Mon, 09/24/2007 - 20:13

Are the failures showing up with "show login" or "show login failures"?

paulnigel Mon, 09/24/2007 - 20:27

Hi yjdabear,

when I issue sh login failures, i get this result, actually i tried with failed attempts to test, therefore it cant be true:

sh login failures

*** No logged failed login attempts with the device.***

I am actually login to a remote syslog server.

Thanks much,

paul

Correct Answer
yjdabear Tue, 09/25/2007 - 07:01

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

paulnigel Tue, 09/25/2007 - 17:05

Hi Yjdabear,

You are indeed very helpful. yes you are right, it works now!

Thanks much,

Pnigel

Actions

This Discussion